Archive for the ‘Security and Compliance’ category

SQL Server 2014 RTM cu13 released

April 23rd, 2016

The 13th cumulative update release for SQL Server 2014 RTM is now available for download at the Microsoft Support site.

https://support.microsoft.com/en-us/kb/3144517

Extended support for SQL Server 2005 ended on April 12, 2016

April 21st, 2016

Extended support for SQL Server 2005 ended on April 12, 2016
customers still running SQL Server 2005 after April 12, 2016, will no longer receive security updates and technical support. We recommend upgrading to SQL Server 2014 and Azure SQL Database to achieve breakthrough performance, maintain security and compliance, and optimize your data platform infrastructure.

Phishing and Ransomware – what to do about it?

April 6th, 2016

Ransomware is typically delivered by via email. In particular, the healthcare industry is targeted with these types of attacks. A user opens an email attachment and suddenly whatever files they have access to are encrypted; short of restoring the data from backups, the only answer is to pay a ransom in Bitcoins.

High profile incidents include:

Omaha’s Scoular Co. lost $17 million after spearphishing attack
Ubiquiti Networks says it was victim of $47 Million Cyber Scam
Mattel fought elusive cyber-thieves to get $3M out of China

How the emails trick users:
Mismatched Senders

Every email has y two “from” addresses.
The “mail from” field which is also referred to as the “envelope” or “P1” address The “from” field, is referred to as the “P2” address.
Spam filtering solutions will look at the P1 address .
So the phishing email is sent with a P1 that is from a company that publishes a valid SPF record. However the P2 (which is what the user sees in Outlook) will appear to be from your organization.
So the message arrives , and looks legitimate to your spam solution and to the user it appears as internal or normal business mail. The user swamped with spam emails may not notice that it’s actually going to the P1 address.

Similar Domain Names
An effort is made to register a domain similar to your own. So when your domain is “Synergy1.com”, the email might come in with the domain “SynergyL.com”; assuming the username portion of the email matches, it takes a keen eye to spot this -and that someone will bother to check. Combined with the above where the P1 was “ceo@Synergy1.com” and the P2 (which the user sees) is ceo@SynergyL.com”, its expecting a lot of users to spot this.

Three technologies provide different protection options:
three technologies are, how they provide different types of protection and how they can work together.

SPF (Sender Policy Framework)
SPF is pretty well known and commonly implemented. it’s essentially a DNS record (TXT) that contains a list of approved senders by IP address, domain name or some other mechanism.

SPF looks as the “Mail From” field within an email and compares the sending IP address to the published TXT record for that domain. The “Mail From” field can contain a different value than the “From” or “Reply To” fields. This is how some phishing emails can enter your organization. They will have a valid SPF published for the “Mail From” and then present the user with a different email in the “From” field.

With Exchange Online, Microsoft provides the information to properly configure your SPF record. There are some limitations on the number of DNS queries you can have in your SPF record and it’s not uncommon to see syntax errors so you always validate your SPF record with one of the online validation tools.

When a message is received from a source not authorized in the SPF record, the receiving party can do what they choose with that information e.g. to block the message, to rank it higher as prospective spam or to ignore it.

DKIM (DomainKeys Identified Mail)
DKIM also looks at the “Mail From” field and will show a “None”, “Pass” or “Fail” once the message is evaluated. The same potential phishing issue exists with DKIM where the “Mail From” does not necessarily match the “From” field that the user sees.

DKIM uses a public/private key to sign messages as opposed to the published TXT record. One advantage of DKIM over SPF is that there is no limit to the number of partners you can authorize to send on your behalf (assuming they support DKIM). If you use a number of third-party senders, then will run into issues when trying to include those in your SPF.

Another way to address the SPF limitation is to have senders send their messages under a subdomain and to publish a separate SPF for that subdomain.

DMARC?
DMARC looks for a passed SPF or DKIM but also looks for “alignment” of the “Mail From” and “From” fields. Configuration of DMARC allows you to tell recipient mail servers what to do with a message when DMARC fails.
A DNS TXT record is created (_dmarc.company.com) and for mail systems that use DMARC, they will send success/failure reports to the addresses specified in the TXT record. A third-party tool or service can be used to aggregate these reports and analyze them.

Prophix 12 is now available from Synergy Software Systems

April 5th, 2016

We are happy to announce the availability of Prophix Version 12. Designed with the user in mind, with enhanced ease of use with a web browser interface and access to Prophix from anywhere, any time, on any device.

The same productised approach with a single suite of tools for all your corporate performance requirements is now enhanced. In this time of ongoing recession, volatile exchange rates, commodity prices collapse, and global political challenges the need for corporate performance management tools are greater than ever. More frequent reforecast, budget scenarios, budget vs actuals, detailed planning, faster month end, ease of inquiry are all essential now.
A proven solution for almost 30 years Prophix is regularly enhanced with a clear road map that leverages the evolving Microsoft technology stack and is driven by business need and user and partner feedback.

Some of the great new enhancements in Prophix Version 12:
• Brand new user experience developed after hundreds of hours of usability studies with everyday users, designed to make it even easier to complete key tasks in performance management across the organization.
• New web client based on HTML5 technology for access all major browsers (e.g. Chrome, Firefox, Internet Explorer, Edge, Safari).
• New Dashboard Studio for self-service dashboard creation by any user through a drag and drop user interface. Create innovative mash-ups to monitor key business processes and performance metrics using data sourced both from within Prophix, or externally.
• Redesigned Workflow Tasks portal and new workflow dashboard tile for quick access to assigned tasks, and monitoring of completed, past due, and future tasks.
• Enhanced navigation and layout selection in Ad hoc Analysis and Templates. These changes enable users to interrogate ,and to navigate, across multidimensional data to get exactly what they need in fewer clicks.
• Enhancements to line item schedules to cell commentary.

The upgrade path to Prophix Version 12 will be seamless for customers currently using Prophix 11. Cubes do not need to be rebuilt; templates will not have to be redesigned. Everything that users have learned will still be valid as the existing Smart Client and its functions continue to work well.

GESS Exhibition ( Global Educational Supplies & Solutions ) 2016

March 2nd, 2016

Gulf Educational Supplies and Solutions (GESS) opened yesterday and is being held under the patronage of his Highness Sheikh Mohammed Bin Rashid Al Maktoum, Vice President of the UAE, Prime Minister and Ruler of Dubai, in partnership with the Ministry of Education, GESS and Global Education Forum (GEF). In its 9th edition, GESS provides the ideal platform for education professional worldwide to meet, find new products and services, and discuss a range of topics about education and its future.

H.E. Hussain Ibrahim Al Hammadi, Minister of UAE Ministry of Education, UAE and Synergy Software Systems Account Manager Sudhakar Raman at yesterday’s exhibition in Dubai. The event continues today and tomorrow.

H.E. Hussain Ibrahim Al Hammadi was appointed Minister of Education in 2014 by His Highness Sheikh Mohammad Bin Rashid Al Maktoum, Vice-President and Prime Minister of the UAE and Ruler of Dubai. He is also CEO of the Emirates Advanced Investments Group of companies.

Synergy Software Systems is a Microsoft President’s Club member and implements solutions for the Education sector, such as: specialised Admissions and Billing in Dynamics Ax, library system, classroom scheduling, as well as traditional enterprise solutions for finance, HR, payroll, CRM , T@A and the Office 365 suite of applications.

Filehold – ask Synergy Software Systems about document management for the U.A.E.

November 30th, 2015


Courier documents


Mobile document management

http://www.businessnewsdaily.com/8031-best-windows-document-management-software.html

“We recommend FileHold as the best document management system for businesses using Windows. We chose FileHold from dozens of document management system options.
Why FileHold?
Ease of use
FileHold is a self-hosted document management system for businesses using Windows computers. It has the same look and feel of programs you’re already accustomed to using, and the interface is designed specifically with Windows Explorer in mind. The filing structure incorporates the same cabinet, drawer, folder and subfolder approach that Windows uses. So, once the software is installed, employees should have no trouble grasping how to use and navigate it.
We like FileHold’s clean interface. It isn’t cluttered with icons or images. All you see when logging in is the file library running down the left-hand side of the page and a search bar along the top. The majority of the page remains blank until you start filing, searching for or opening documents. This approach keeps you on the same page the entire time you’re using the system. Many of the other systems we examined force you to toggle back and forth between pages depending on the task you’re working on.
The FileHold library structure is designed with Windows Explorer in mind.
Adding to the system’s ease of use are the MyFileHold folders, which are placed on top of the general library of cabinets and drawers on the left-hand side of the page. The MyFileHold section features separate folders for employees’ “favorite” documents, their checked-out documents, any alerts or reminders they have, the files they recently accessed and the files they recently added to the system. This provides a quick snapshot of the documents currently being worked on and the files that need immediate attention.
Each employee can customize various portions of the system with their personal preferences. This option isn’t offered by all of the document management systems we examined. When looking at specific documents, employees can choose the tools they want to be quickly accessible. Quick links can be added for a variety of tasks, such as adding files, linking documents together and checking out files. Additionally, you can choose the metadata attributes — like document type, version, number of linked files and the author — that are shown alongside the file’s name.
Filing documents within the software is simple and can be done in many ways. You can drag and drop files already on your computer or network, as well as scan documents directly into the system. The Microsoft Office integration also allows you to add documents you are working on in Microsoft Word, Excel, Outlook or PowerPoint with just a click of a button.

Microsoft Azure or Amazon AWS >

October 19th, 2015

An informative presentation from a Microsoft MVP that will help to understand what the ‘cloud’ means and what factors need to be considered. Cost security governance, scalability, services, public, private or hybrid – a common sense introduction.

Software selection – human considerations

October 3rd, 2015

To Organise and to manage a software selection project is not so easy. If you cannot get a critical mass of people deeply involved in the accounting software selection project, then think twice before starting. Change management is often given only superficial consideration. A new tool is of little use if no one uses it. It does little good for a company to spend $500,000 on anew accounting software, or ERP software when the people who will be using the accounting software systems cannot, or will not operate it effectively.

Is your company organized for success (culture, leadership style, business processes and finally business management . If not then you need to consider more carefully the role of the implementation partner and not blame the software.

In addition to the usual questions of :
• Can the software systems do what you the businesses needs?
• What operating and hardware configuration do I require?
Also ask
Do your employees have the ability to utilize these software or ERP solutions effectively?
Hoc an I change that?
Does my implementation partner offer industry and business knowledge and track record of enabling that change process in a company like mine?

Businesses try to work to policies- which are based on predetermined assumptions, conditions, processes, statutory and other constraints, and if effect embody pre-defined decisions. decisions.

The real world is full of exceptions. Companies use information to control day to day operations relating to the production of goods and services. This information is used to control budgets and cash flows and the best utiisation of assets. . Managers combine the latest information with their managerial experience to make sound business decisions within the policy guidelines..

The negative side is that this information is of little use when the data is not updated correctly on time, and or is not integrated. Thus all functions need to participate and collaborate- if one drops out and relies on manual or Excel systems alone then the integration loop is broken and “system” does not operate effectively. The key to the effective utilization of accounting software systems is the effective production of and access to timely a, accurate meaningful information to ensure timely informed decision making at all levels of the organisation. “Knowledge is power.”

Managers can make faster and better or worse decisions based on the available information ,but they may not even be aware they need to take a decision without information whether in an inquiry screen or a report, a bI dashboard, an alert or a kpi.

Advanced software can be sued to auto decide some decisions, or to make recommendations e.g mrp. or forecasting tools. genrall software systems do not make decisions. People do. When people are not provided with the tools they require to make these critical decisions, it’s very likely mistakes will be made. Some of these decision taking responsibilities are imposed upon by the market in which the company competes. Some are imposed by the owners or managers interpretation of how the business should be operated. However, the methods by which these decisions are made can only be formulated by each individual person, and that is why the software/human relationship is so importsnt.

Each person in any company is unique. So when defining just what software systems consider the unique needs of each person with whom the accounting software systems will “integrate” or how you will select those unique people who will be comfortable with the system

Each person who will be processing transactions (e.g. customer orders) must be given the opportunity to express their personal needs, for it is these people who will be required to operate the system. Further, each manager who will be making decisions based in part upon the information produced by the accounting software systems must express their reporting needs as well (e.g. Business Intelligence, Performance Metrics, and Exception Management ). It is only after these needs are identified and understood recognized that the broader corporate strategic needs should be defined.

At the core of these considerations is a clearly understood definition of what the company is to do strategic objectives , and it must do well in order to succeed- tactical excellence. The way a company organizes itself and controls the flow of information into and out of the accounting software systems, determines to a large degree how successful the accounting software systems will become.

As individual people define their needs, do not limit their responses to factors relating only to the software systems. Let them express their needs with respect to how they fit into the overall business, what information they require when, in what format, from other people, where potential bottlenecks may occur, and in general how the manual side of the business management processes should be controlled.

Selection of a new software systems does not eliminate the need for business process control procedures, and it is those procedures impact on the effectiveness of the new accounting software systems. Some people swear will champion software systems or ERP solutions, while others will believe those are seriously flawed and will cling to old, manual systems. Some will be reluctant to share knowledge- the basis of their experience and seniority. Some may fear new technology. others may worry more about social change – reporting to a new boss, working in a different office. Most people adopt new technology is every day life a new phone, car, tv etc, but don’t so easily change their personal relationships.-

One person sees the software systems as a friend, while the other as a threat. You cannot compare your new wife to your old girlfriend fi you want a long and happy marriage. All people, whether they have had computer experience or not, have developed some personal definition of what they consider to be “good” software systems. If the software systems you purchase meets these pre conceived notions, the task of learning and operating the system will be relatively easy. If the system does not make sense to people, then they will resist entering data, and undergoing training and errors will be made. Evaluate the degree of fit between your employees and the accounting software systems you are examining during your software selection project. The cultural fit with the consultants is equally important.

Tyr not to impose a new software systems on people. Consider whether they feel their opinion is as important as others, and that that the accounting software systems will assist them personally. WIFIM “What’s in it for me?”

While you might argue that first impressions can be changed over time, andc omputer system can seem quite a daunting challenge to . The operator, whether it is accountant, bookkeeper, or clerk can be suffering silence. This suffering might reach the point where the person is willing to consider another job.

No amount of patience, encouragement, or training will reduce this suffering. Mistakes will begin to occur more frequently as well. If the person does not leave, you may have to face the grim decision that their mistakes can be corrected only by removing them from the job. Has this achieved anything positive? Certainly not! If too many critical people in the organization resist the software systems, you can consider the selection project a complete failure. That’s why this evaluation of personal needs is so very important.

Any multi-user accounting system or ERP solutions will be operated by a number of different people with different job functions and different skill levels. The larger the system becomes, the more diverse these individual abilities become, and the more critical an evaluation of their relationship to the accounting system becomes.

Perhaps the least skilled person who might be called upon to operate the accounting software systems is a warehouse manager or even a shipping or receiving clerk.
Does the system meet their needs?
Does the menu structure segregate their input screens into one logical area?
Does the language used, particularly Help Screens, talk to them on their skill level?
Will the processing methodology make sense to someone with their relative skills and educational background?
Do they have to work in multiple systems?

I cannot emphasize enough the importance of training. If you want to remove fear, then you have to build confidence.
You need to reduce errors, not only for the business to avoid fear of personal embarrassment. These result from a lack of experience I.e training and practise with the new software systems.
Invest the time in practical training – understanding a demo does not make you fluent in transaction entry or in report analysis. Reading the highway code is not enough for you to drive – you also need 40 hours on the road experience. You also need an instructor by your side for sometime and to be formally tested and certified. If the investment in training appears formidable, then beware. The major lesson that those who implement cite is that they unde-rbudgetted time for training. Don’t be fooled by those who calm they can configure and get you live in a month or so with an accelerator, or a blueprint . Configuration is a relatively simple, job. Defining the right configuration need user interaction and the testing, To make that work needs their training and practice time. Transforming a an install into a working implementation is another matter. It is not enough to buy a tool you have to understand the many different ways to use it and build up skill.

Depending upon the vendor or product reseller you have selected to provide your accounting software systems, you will probably have several options open to you. If your system is a large multi-user installation, you might want to consider sending several people to a regional or national training seminar lasting several days. While expensive on the surface, this intensive class room oriented environment will enable these people to develop a detailed knowledge which can be passed on to others. Train the trainer really works.

Demonstration accounting software systems are excellent training tools. An even better one is a training company with your own Chart of Accounts, vendors, customers, and employees. This provides people the opportunity to experience a “real” data processing environment without running the risk that errors will lead to catastrophes.

One last point should be discussed with respect to training. Some people will find it difficult, if not impossible, to make the transition to new accounting software systems, or from one accounting software system to another, perhaps more powerful ERP solution.

While you might wish the accounting system or ERP solution could be installed with minimum problems, this may be your most significant hurdle. If the installation of integrated accounting software systems is the best alternative for your company, what is to be done with those people who cannot, or will not make the adjustment?

You must face the very real possibility some people may have to be replaced. It’s not a very pleasant thought, but do not delude yourself into thinking all people will be as excited about new accounting software systems as you are. Business is not easy sometimes, and this is one of those times. I do not like the idea any more than you do, but changes may be necessary for the good of the company and its employees.

Ask yourself if you know how to organize and control an accounting systems selection project. One of the greatest dangers is people assuming they know when in fact that are ignorant. They do it rarely in their business life. Can IT or choose a finance system, do they really know how to select a vendor or a solution? Manger’s need to have confidence in their decision making but often they do not know how to evaluate facts outside their core functional area, nor even what facts are needed to evaluate a solution. Its too easy rush into a demo and to benchmark everything against the first software seen .

In practice its better to spend sometime discussing your business needs, your change management challenges, and the business case and to focus on the implementation partner understanding and expertise. the right partner will guide you through the process and will not waste your time with inappropriate solutions, and then the demo will have some relevance to your needs. and you will have a better idea how to evaluate it.

Security – major threats revealed – August 2015

August 8th, 2015

A major vulnerability plaguing Firefox has Mozilla warning users to update the Web browser to Firefox 39.0.3 to fix the vulnerability The browser is set to automatically update by default, but users should manually check to ensure that the update has indeed gone through.
An advertisement on a news Web site in Russia was offering an exploit for the browser that searched for specific, sensitive files, before uploading those to a server that appeared to be located in the Ukraine.
The vulnerability allows hackers to violate the browser’s same origin policy and inject script into a non-privileged part of Firefox’s built-in PDF viewer. Same origin is a security practice in which a Web browser allows scripts running from one Web page to access data from a second one, if both pages are from the same origin. The bug allows an attacker to read and steal sensitive local files on the victim’s computer.
Mozilla said that since the vulnerability is specific to its PDF Viewer, versions of the browser that do not contain the PDF Viewer, such as Firefox for Android, are not at risk.
The company said that the exploit leaves no trace of itself on the local machine, making it difficult for users to know if their files had been compromised. Mozilla urged users running Firefox on Windows and Linux systems to change any passwords and keys for programs targeted by the exploit. Mac users were not vulnerable to the particular exploit found in the wild, but would be vulnerable if another hacker designed a payload targeting Macs.

Firefox users on Windows machines should change the passwords for the following files: subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients.

Linux users, meanwhile, should change passwords associated with global configuration files such as /etc/passwd, user directories including .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts

Before the dust has had a chance to settle on one major security flaw uncovered in the Android mobile operating system, a second massive vulnerability — dubbed “Certifi-gate” — has burst onto the scene.
The new vulnerability can allow attackers to “gain unrestricted device access, allowing them to steal personal data, track device locations, turn on microphones to record conversations, and more,” according to Check Point. The problem cannot be completely fixed with a patch.

Check Point has a scanner app that Android users can download from the Google Play Store and run to determine whether their devices are vulnerable. The Certifi-gate vulnerability allows applications to gain illegitimate privileged access rights that are normally used to support remote applications, according to Check Point. Those applications might have come pre-installed on the device, or been intentionally downloaded by the user, but currently there is no way in Android to revoke the certificates that allow those privileged permissions.

This latest flaw “affects hundreds of millions of Android devices, as most popular OEMs (original equipment manufacturers) have collaborated with these vendors. The same scale applies to the previously disclosed Stagefright vulnerability, which potentially affects 95 percent — about 950 million — of Android devices.

Google, Samsung and LG this week said they would start providing more frequent — about once a month — security updates for their Android devices. Google’s own Nexus devices are not affected, nor has the company seen any attempts to exploit the vulnerability.

Apple users have largely skirted the bugs, viruses and other malicious software that plague Microsoft Windows and Google’s Android. But this flaw in Apple’s OS X is serious enough to sound the alarm.
German security researcher Stefan Esser published details about a zero-day vulnerability in OS X without telling Apple first and hackers moved quickly to exploit the flaw. It’s an adware installer that actually modifies a file that controls who can run what commands on a machine while Thomas was testing it.

The Sudoers File

The sudoers file is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how. The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password.

The worse part is that Apple has reportedly known about the zero-day vulnerability for quite some time because another security researcher had disclosed it previously.
There is no good way to protect yourself, short of installing Esser’s software to protect against the very flaw that he released into the hands of hackers worldwide, which introduces some serious questions about ethics and conflict of interest.
Another Apple bug, Thunderstrike 2, which will be revealed at Black Hat security conference in Las Vegas this week, is more concerning. That’s because firmware bugs can cause lots of headaches for both regular users and advanced users and are almost always harder to eradicate than any other bug.

A massive hack infiltrated Yahoo’s ad network for at least seven days, according to Malwarebytes’ official security blog- this anti-malware security company, discovered the attack and immediately notified the search company. With more than 6.9 billion visitors to Yahoo’s Web site every month, the attack, which began on July 28, constitutes one of the farthest reaching malware attacks ever recorded.
The hackers pulled off the attack using Web sites for Microsoft Azure, a cloud computing platform and infrastructure used for building, managing, and deploying applications and services. The scam worked by redirecting users to an Angler exploit kit, off-the-shelf software containing easy-to-use packaged attacks on known and unknown vulnerabilities.

Malicious ads do not require any type of user interaction to execute their payloads. Just visiting a Web site that contains malicious advertisements can be enough to trigger an infection.
Yahoo said it took immediate action when it learned of the campaign, and would continue to investigate it in the future. Because of the large number of visitors to Yahoo sites, it is difficult to know exactly how many Internet users have been affected.

The subtlety of a malvertising attack, combined with the complexity of the Internet advertising market, make it a difficult security challenge to overcome. That might be part of the reason such attacks are increasing. The number of malvertising attacks spiked in the first half of this year, registering a 260 percent increase over the same period in 2014,

“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said James Pleger, director of research at RiskIQ. “There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on Web sites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”

“This machine-to-machine ecosystem has also created opportunities for cybercriminals to exploit display advertising to distribute malware,” according to the company. “For example, malicious code can be hidden within an ad, executables can be embedded on a Web page, or bundled within software downloads.”

Management Reporter Updates and tips – Synergy Software Systems, Dubai

June 18th, 2015

This video describes how to create side by side reports with Management Reporter

Management Reporter offers a variety of formatting tools to automate reporting and to quickly put reports in the hands of stakeholders. This video introduces the ability to add dynamic report headers to calculated columns to avoid having to manually edit report headers prior to generating a report. Especially useful for consolidated information and rolling fiscal reports

This video describes how to suppress drill down on specific lines of a report in Management Reporter.for example you may not want to allow drilldown on salary details.

MR CU12 was initially released for the USA in April and is now available for all regions.
It contains all of the enhancements and bug fixes from hotfixes 1-4, including:
• Indication of currently active reporting tree node
• Added the ability to use BASE+1:12 in the column definition
• Report generation performance improvements
• Additional fixes for product defects

HF1, HF2, HF3, HF4
As well as the additional fixes that were added post-HF4:
•Ability to exclude NP rows from exporting to Excel by disabling the export of formulas
•Ability to export NP rows at the Account and Transaction detail levels
•Additional fixes for exporting to Excel where you would receive an operand error when exporting with formulas enabled
•Additional fixes for product defects
Version Information: Management Reporter CU12 RTM – 2.1.12000.26

Management Reporter bugs are now visible in Lifecycle Services (LCS) Issue search. Issue search is another great tool within LCS to help with troubleshooting. Currently both Microsoft Dynamics AX and Management Reporter bugs are searchable.

For Management Reporter, bugs will be visible through LCS when they are triaged to be fixed. Additional updates in LCS will occur when either a cumulative update or hotfix is available to fix the issue. To see a list of current known issues, you can search for “known issue” and restrict the product to Management Reporter 2012.

In order to access Issue search, you can do the following:

1. Navigate to http://lcs.dynamics.com

2. Click Sign in

Note: You must use the same credentials that you use to access CustomerSource or PartnerSource. If you don’t have access to CustomerSource, then you will only have access to an evaluation version of LCS, which does not include Issue search

3. Accept the Microsoft Online Services Agreement if you haven’t already signed in before

4. Create a project

5. Click the + button under Recent projects to create a new project

6. Fill out the project details including Name, Product name, Product version, Industry, and Methodology. Any settings should be fine as long as you don’t select a pre-sales type of project

7. Scroll to the right and select Issue search

8. Begin searching

Synergy Software Systems, Dubai – in top 5% of Microsoft Enterprise Resource Partners

June 17th, 2015

We received confirmation from Microsoft of our attainment of the new Enterprise Resource Competency which has been by less than 5% of Microsoft Global Partner Network.

That ‘s why you can be assured of a successful, Synergy Software Systems Implementation – a 100% track record of successful projects with Dynamics Ax since we started the practice in 2003. Its also why the Highest Customer Satisfaction Award for 2014 also has Synergy’s name on it.

We are proud of our professionals.

We receive similar accolades across our solutions- for years the word in the hospitality industry is “go with Synergy and sleep a night” and why many of our Sunsystems customers have been loyal for over 15 years.

Value ultimately comes from competence and attitude and the results consistently shows that the right partner will give the right solution, service, support and price and deliver the right value.

Adoption of Basel Regulatory Framework 8th progress report

June 14th, 2015

The Basel Committee on Banking Supervision (BCBS) has updated and published its eighth progress report on adoption of the Basel regulatory framework as of end-March 2015.
BCBS’ monitoring reports have been published semi-annually since 2011 and focus on the status of domestic rule-making processes to ensure that the Committee’s capital standards are implemented in jurisdictions according to internationally agreed timeframes.
The Basel III framework builds on and enhances the regulatory framework set out under Basel II and Basel 2.5.

Leverage ratio: In January 2014, the Basel Committee issued the Basel III leverage ratio framework and disclosure requirements following endorsement by its governing body, the Group of Central Bank Governors and Heads of Supervision (GHOS). Implementation of the leverage ratio requirements has begun with bank-level reporting to national supervisors and public disclosure on 1 January 2015.

Net stable funding ratio: In October 2014, the Basel Committee issued the final standard for the net stable funding ratio (NSFR). In line with the timeline specified in the 2010 publication of the liquidity risk framework, the NSFR will become a minimum standard by 1 January 2018. The monitoring of the status of adoption of the NSFR is planned to start with the next progress report in October 2015.

The only GCC company reviewed in the report was Saudi Arabia.
SAMA through its Circular # 351000133367 on 25 August 2014 issued its final guidance document on the Leverage Ratio disclosure requirements. The
aforementioned SAMA Circular is effective from January 2015.
The D-SIB framework has been finalised and the relevant regulation has
been issued for implementation by January 2016 through SAMA Circular # 351000138356 (issued in September 2014).

Allegion announce a new release of the IF-6020 – version 1.79

June 1st, 2015

The IF-6020 version 1.79 is going was released on May 29, 2015.

In addition to the implementation of features that enhance the performance of the system, note:

IF-6020 version 1.79
1. The number of person record fields is increased. As of version 1.79, it is possible to enter longer remarks in the fields on the new “Info 4″ tab in the person record.

2. Visitor management in the WebClient isoptimized. Thus, work processes are more clearly structured and more effective.

3. The number of reports is increased from 100 to 1000.

4. The escalation check is enhanced to include month accounts. . For example, according to a company agreement, only two flexitime days are allowed to be taken per month. If a request is made for three days, a reject message is returned.

5. Support of new technologies: MS SQL Server 2014, Oracle 12g and Windows 8.1 are now also supported.

Known bugs have also been fixed.

Microsoft Azure Stack announced this week at Microsoft Ignify 2015

May 6th, 2015

Microsoft Ignite this week- the company announced that it is making available a version of Azure that can be hosted in your own datacenter.
The new software, called Microsoft Azure Stack allows you to run your own version of the company’s cloud platform on your own servers. The idea is that you’ll be able to use the same application development and deployment techniques from the hosted cloud platform on your own terms.
Azure Stack is essentially everything you see on the hosted version of the company’s cloud service, including the portal, in a single package for running on premise. The software will be available for the first time “this summer.”

Microsoft’s competitors like: Amazon’s EC2 and Google Cloud Compute don’t provide offerings for hosting your own service.

Summary of Technet Guest post by Mike Neil, General Manager for Windows Server, Microsoft:
Chicago at the Microsoft Ignite conference

Hybrid cloud is an ideal solution for many organizations bringing together the agility of public cloud and the control of on-premises systems.
“Today, we are announcing several new solutions that will continue to expand the industry’s most complete cloud:
• Microsoft Azure Stack, a next generation cloud infrastructure that brings Azure IaaS and PaaS capabilities to customers’ datacenters.
• Windows Server 2016 and System Center 2016, the next versions of the popular application platform and management solutions.
• Microsoft Operations Management Suite, a new hybrid management solution that helps you manage your corporate workloads no matter where they run: Azure, AWS, Windows Server, Linux, VMware, or OpenStack.”

Building Hybrid Clouds
Microsoft is the only cloud vendor that both builds, and runs its own hyper-scale datacenters and delivers that same technology back to customers’ and partners’ datacenters.

Next wave of cloud infrastructure.
Microsoft Azure Stack
- Microsoft Azure Stack delivers IaaS and PaaS services into your datacenter
- Easily blend enterprise applications such as SQL Server, SharePoint, and Exchange with modern distributed applications and services while maintaining centralized oversight.
- Azure Resource Manager (just released in preview last week), gives consistent application deployments every time, whether provisioned to Azure in the public cloud or Azure Stack in a datacenter environment. This approach is unique in the industry and gives developers the flexibility to create applications once and then decide where to deploy t later – all with role-based access control to meet your compliance needs.

- Azure Stack includes a scalable and flexible software-defined Network Controller and Storage Spaces Direct with: – automated sync and failover.
Shielded VMsand Guarded Hosts to bring “zero-trust” software-defined security to your private cloud. Securely segment organizations and workloads and centrally control and monitor access and administration rights.

Preview Azure Stack starting this summer.

New Technical Preview of Windows Server 2016 – Now Available
The next version of Windows Server will introduce Windows Server Containers and Hyper-V Containers (expected in the third Technical Preview of Windows Server 2016 this summer).

Windows Server 2016 will also offer Azure Service Fabric, a platform for building and hosting application services that automatically scale and heal, bringing you the same underlying technology used to power highly scalable services like Skype for Business, Azure SQL Database, and Cortana.
The second Technical Preview of Windows Server 2016. offers a first look at Nano Server. Extending the advanced virtualization features:
• Rolling upgrades for Hyper-V and Storage clusters for even faster adoption of new updates and operating systems.
• Compute resiliency so virtual machines (VMs) continue running even if the compute cluster fabric service fails.
• Storage Replica updates for synchronous storage replication for affordable backup and disaster recovery.

Managing a Hybrid World
Today’s hybrid reality means applications and data are spread across multiple vendors’ environments. While you may not control all the platforms they run on you still need to manage and control these assets to help your organization meet business, compliance and regulatory needs.
Microsoft Operations Management Suite (OMS)
OMS now extends your System Center investments and Microsoft best practices to simplify management of your assets at a lower cost than competitive solutions, wherever they live-
- any instance (physical, virtual or container)
- and any cloud, including: your data center, Azure, AWS, Windows Server, Linux, VMware, and OpenStack,
OMS tracks and manages:
Log Analytics: collect and search millions of records in seconds across thousands of machines to identify the root cause of operational issues.
Security: identify malware status and missing system updates, and collect security related events to perform forensic, audit and breach analysis.
Availability: enable application and data protection for all servers and applications, no matter where they reside with cloud-based backup and site recovery.
Automation: orchestrate complex and repetitive operations for more efficient and cost-effective hybrid cloud management.

Expect cloud-based patching, inventory, alerting, container management, and more later in the year.

New Technical Preview of System Center 2016 – Available This Week
System Center 2016 has new; provisioning, monitoring and automation capabilities for your software-defined datacenter. iT adds:
• Improved Linux management, including Desired State Configuration (DSC) support, native SSH support, and improved LAMP stack monitoring.
• Software Defined Datacenter management, including mixed mode cluster upgrades, enhanced Scale-Out File Server (SOFS) management, and deployment of software-defined networking (SDN) at scale.
• Powerful new monitoring for Azure, Office365, SQL Server and Exchange.

FATCA and the UAE January 2015

January 12th, 2015

The governments of the US and the UAE have reached an agreement in substance, a model 1 Intergovernmental Agreement (IGA).
The UAE has consented to disclose this status.

In accordance with this status, the text of such IGA has not been released and financial institutions in the UAE are allowed to register on the FATCA registration website consistent with the treatment of having an IGA in effect until December 31, 2014.

More than 100 countries including India, China and Russia have already entered into agreements with the US on the Foreign Account Tax Compliance Act (FATCA) and with new FATCA requirements coming into effect on 1st of January 2015 applying to U.S. and non-U.S insurers and insurance brokers, large portions of the financial services sector are being affected.

After a relatively quiet four-year ramp up, America’s global tax law is now being enforced.

FATCA requires foreign banks to reveal Americans with accounts over $50,000 and considering the risks of being frozen out of U.S. markets, everyone is complying.

Firms that fail to comply with FATCA will be subjected to a stringent 30% withholding tax on any US sourced income even if they do not have any US customers.

The compliance aspects being forced upon financial services firms globally by the US tax authorities are complex and costly. It includes amending everything, from more thorough KYC requirements to changes in the account opening processes for new customers to take into account the new information required under FATCA, and systems will have to be updated to comply with the withholding taxes if so required. Insurers and insurance brokers will have to comply with new information gathering and reporting rules when U.S. insurance and reinsurance premiums are sent outside the U.S.

A Model 1 IGA is treated as ‘in effect’ by the US Treasury as of May 21, 2014. (http://www.treasury.gov/resource-center/tax-policy/treaties/Pages/FATCA-Archive.aspx)
On 3 June 2013, the Governor of the DIFC signed a Memorandum of Understanding with the UAE Ministry of Finance which named the DIFC Registrar of Companies as the DIFC’s contact point for any international tax agreement entered into between the UAE and another country. FATCA is an example of such an agreement.

According to DIFC release as of 17 November 2014, “The reporting form will be available (for financial institutions) on the Registrar’s website at a time agreed and instructed by federal officials. Further instructions will be circulated as soon as the reporting framework is in place, and the guidance will be made available to DIFC entities as soon as it is finalised by the Ministry of Finance”.

Who will be affected by FATCA?
• Banks and deposit taking institutions;
• Trust company – Custodial institutions;
• Investment entities – those businesses involved in trading in transferable securities; money market instruments, foreign exchange derivatives etc.; individual or collective portfolio management or otherwise investing, administering or managing funds, money or financial instruments on behalf of other persons;
• Certain types of insurance companies that have cash value products or annuities;
• Family offices would be included in the definition;
• Certain holding companies or treasury centres.

FATCA objective

Disclosure of assets and income of U.S. taxpayers (US person) held with foreign financial institutions.

Definition of US person:
• a citizen or resident of the United States,
• a domestic partnership,
• a domestic corporation,
• any estate (other than a foreign estate) and
• any trust if:
1. a court within the United States is able to exercise primary supervision over the administration of the trust, and
2. one or more United States persons have the authority to control all substantial decisions of the trust.
How will financial institutions be affected?
If a Foreign Financial Institution (FFI) fails to address FATCA requirements promptly, all relevant US-sourced payments, such as dividends and interest paid by US corporations, will be subject to a 30% withholding tax.
The same 30% withholding tax will also apply to gross sale proceeds from the sale of relevant US property.
This will be inconvenient for the customers of the Foreign Financial Institution who will then need to claim refunds from the U.S. IRS after proving that they are non U.S. persons, and not liable for tax.

The definition of a Foreign Financial Institution which is an Investment Entity in Model 1 IGA covers:
• Investment managers;
• Investment advisors;
• Fund administrators.
However, the IGA includes a deemed compliant category for Investment Advisors and Managers, whereas an Investment entity established in a FATCA Partner Jurisdiction can obtain a status of Non-Reporting Financial Institution if it is a financial institution solely because it:
• Renders investment advice to, and acts on behalf of, or;
• Manages portfolios for, and acts on behalf of a customer for the purpose of investing, managing or administering funds deposited in the name of the customer with a Financial Institution other than an Non-Performing Foreign Financial Institution (NPFFI).

It is important to note that if an Investment Advisor / Investment Manager provides services of investment advice or manages portfolios of customers whose funds are deposited with the financial institution which is non-compliant with FATCA, or is located in a jurisdiction other than a FATCA Partner jurisdiction, the DFSA regulated Investment Advisor / Investment Manager might have FATCA reporting obligation for those clients.

According to a notice1 from the UAE Central Bank, at the start of 2014 banks and other financial institutions in the UAE must complete the following actions to facilitate the signing of the IGA:
1.Identify customer accounts that are a “US Reportable Account”, which is defined as a financial account maintained by a reporting UAE financial institution and held by one or more specified US persons or by a non-U.S. entity with one or more controlling persons that is a specified U.S. person (implementation date: 19 November 2013).
2.Adopt FATCA’s due diligence procedures for identifying and reporting on US Reportable Accounts and for payments to certain nonparticipating financial institutions (implementation date: 1 January 2014).
3.Prepare relevant systems for establishing electronic connection to the Central Bank’s FATCA Reporting System, currently in development. All banks and other financial institutions should expect to be contacted for this purpose during the first quarter of 2014 (implementation date: 1 March 2014).
4.Be prepared to register via the IRS portal to obtain a “Global Intermediary Identification Number” (final registration date: 1 November 2014).
5.Adopt reporting procedures specified in the IGA (first report for 2014 must be sent to the Central Bank by 1 August 2015).

The Central Bank, with help from a US law firm, will provide legal support and conduct workshops to assist banks and other financial institutions in implementing the FATCA requirements.

New FAQ on IGA registration issued by IRS

On 22 December 2014, the IRS posted updated FAQs regarding IGA Registration to the FATCA website. This update acknowledges Announcement 2014-38 and addresses whether Reporting Model 1 FFIs in certain jurisdictions need to register and obtain a Global Intermediary Identification Number (“GIIN”) before 1 January 2015. This update confirms that a jurisdiction which was treated in 2013 as if it has an IGA in effect, but which has not yet signed an IGA, retains such status beyond December 31, 2014, provided the jurisdiction continues to demonstrate firm resolve to sign the IGA that was agreed in substance.
New Form W-9 and accompanying instructions released by IRS

The IRS has published on its website a new revised version of Form W-9 (revision date December 2014) as well as the Instructions for the Requestor of Form W-9.

Ask us about BRS Analytics Regulatory reporting platform.