Archive for the ‘Security and Compliance’ category

End of mainstream support for Microsoft Dynamics AX 2009, Dynamics AX 2012, and Dynamics AX 2012 R2

December 29th, 2018

Reminder – End of mainstream support for Microsoft Dynamics AX 2009, Dynamics AX 2012, and Dynamics AX 2012 R2 was 10/05/2018.

An upgrade is not trivial, especially when you have lots of customisations, bespoke reports and interfaces. Plan plenty of time for conversion, testing and contingency. There is a backlog of companies who need to migrate and only a limited number of skilled consultants available.

Decide as soon as possible whether to go on-premise or on cloud. If on-premise, then consider what extra hardware you will need and whether you also need to upgrade SQL Server. Don’t forget that SQL license costs have also changed.

It is not too early to start budgeting. Find out what you get and don’t get on the cloud; there are both hidden costs (e.g. extra backup storage space) and hidden savings (e.g. electricity). What extra environments or storage will you need, e.g. for dev and test, over those used by Microsoft? Understand how license types and costs have changed, and understand the Modern Lifecycle Support update policy.

Dynamics AX 2009 Service Pack 1 (SP1), Dynamics AX 2012, and Dynamics AX 2012 R2:
Mainstream support ends on October 9, 2018. After that date, only security hotfixes will be provided for these three versions through the extended support period that continues until October 12, 2021.

Dynamics AX 2012 R3
Mainstream support continues through October 12, 2021. Microsoft will provide security hotfixes, non-security hotfixes, and regulatory updates for Dynamics AX 2012 R3 throughout that mainstream support period. The source code for these non-binary, non-security hotfixes and regulatory updates will continue to be available for customers active on the Enhancement Plan or Software Assurance.

Can customers on Premier Extended Hotfix Support or on Unified Support Advanced and Performance Levels get a non-security hotfix or regulatory update?

No. Neither non-security hotfixes nor regulatory updates will be available for Dynamics AX 2009 SP1, Dynamics AX 2012, or Dynamics AX 2012 R2 during the Extended Support phase of the product lifecycle.

While the ability to request a non-security hotfix for select products is included with Unified Support Advanced and Performance Levels, Microsoft has determined that non-security hotfixes cannot be provided with a commercially reasonable effort for these products. As a result, no requests for non-security hotfixes or regulatory updates will be accepted.

However, Microsoft will continue making security hotfixes, non-security hotfixes, and regulatory updates for Dynamics AX 2012 R3 throughout that mainstream support period. The source code for these non-binary, non-security hotfixes and regulatory updates will continue to be available for customers, and their partners, active on the Enhancement Plan or Software Assurance. Dynamics AX 2009 SP1, Dynamics AX 2012, and Dynamics AX 2012 R2 customers can selectively integrate those changes as required. Customers and partners can get the source code from packages attached to relevant Dynamics AX 2012 R3 KB articles published on LCS and discoverable through LCS Issue Search.

Will I still get a regulatory update for Dynamics AX 2009 Service Pack 1, Dynamics AX 2012, and Dynamics AX 2012 R2?

No, Microsoft will only provide regulatory updates for Dynamics AX 2009 Service Pack 1, Dynamics AX 2012, and Dynamics AX 2012 R2 for regulatory changes with law enforcement dates on or earlier than October 9, 2018.

What happens if a new bug is found by a customer in Dynamics AX 2009 Service Pack 1, Dynamics AX 2012, or Dynamics AX 2012 R2?

The bug must be reproducible in Dynamics AX 2012 R3. If it is reproducible and accepted, then a hotfix will be provided for Dynamics AX 2012 R3 and the customers can elect to integrate this hotfix in their version themselves, or work with their partners to integrate the changes.

How are binary hotfixes handled for Dynamics AX 2009 Service Pack 1, Dynamics AX 2012, and Dynamics AX 2012 R2?

If a hotfix is needed for a part of the system where Microsoft does not provide the source code and it is not a security bug, then a hotfix will not be provided.

To discuss a move to Dynamics 365 Finance and Operations call Synergy Software Systems your Dynamics Partner for over 15 years : 009714 3365589

Get ready for year-end close in Dynamics AX and Dynamics 365 with Synergy Software Systems, Dubai.

December 20th, 2018

There are many tasks to be done for the fiscal year-end closing process.
Those include tasks for all functions, not just finance.
For over 10 years Synergy has conducted year-end training courses to help prepare Dynamics users for their fiscal close.
Our 2 day workshop encompasses:
• Key tasks and sequence
• Tips and tricks
• Key reports
• Use of MR and Power BI
• Sales, Supply chain, HR, IT tasks
• Hands on practice
The course content applies to almost all versions and will be run in Dynamics AX 2012 R3. It will, however, also introduce the Dynamics 365 Financial closing workspace.

Date: 2 day course: 09.00 – 17.00 8th and 9th Jan 2019
Venue: SYNERGY SOFTWARE SYSTEMS. Al Karama, Dubai.
Ample parking and bus stops and metro nearby.
For a trouble-free and timely, year-end close, book today.
Experienced, expert instructors.

Shared Access Signature (SAS) token authorization model and Dynamics 365 systems

November 29th, 2018

In November 2018, all ACS components were permanently shut down. All requests to the service now fail. This includes the Access Control management portal, the management service, secure token service, and token transformation engine rule. Microsoft made changes to Azure Service Bus that affect the Microsoft Dynamics AX 2012 Azure connector, and impact email workflow approvals, companion/mobile applications, and vendor portals. The shutdown also affects any other application or service that uses Access Control Service (ACS).

If, for example, you use Dynamics AX 2012 mobile or tablet applications for time and expense management, and/or approve workflows via email, then be aware of the changes to Azure Service Bus. The Microsoft Dynamics AX 2012 Azure connector uses the Access Control Service (ACS) for user authentication. Authorization rules are managed inside the Azure Active Directory Access Control Service (ACS), and the tokens obtained from ACS are then passed to Service Bus to authorize access to functionality in AX.

ACS is now replaced by the Shared Access Signature (SAS) token authorization model. A shared access signature (SAS) provides you with a way to grant limited access to objects in your storage account to other clients, without exposing your account key. A shared access signature provides delegated access to resources in your storage account. With a SAS, you can grant clients access to resources in your storage account, without sharing your account keys. This is the key point of using shared access signatures in your applications: a SAS is a secure way to share your storage resources without compromising your account keys.

To continue using email workflow approvals, mobile applications, and other Dynamics AX features, if you have not already done so then you will need to migrate your components previously using Access Control Service (ACS) to Shared Access Signatures (SAS). This token model is provided directly by Service Bus and can be used without any intermediaries through access to the SAS rule name and rule key.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-acs-migration

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/walkthrough-update-service-endpoint-acs-sas-authorization
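
To make the "rule name and rule key" model concrete, here is an added example (not from the original post and not code from the Dynamics AX connector) that builds a Service Bus SAS token in Microsoft's documented format and re-checks it locally, including expiry and tamper handling. The namespace, queue, rule name and key are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote, unquote

# Constructed sample values (assumptions, not from the post or any real tenant).
SAMPLE_URI = "https://contoso-example.servicebus.windows.net/ax-workflow"
SAMPLE_RULE = "ax-connector"
SAMPLE_KEY = "constructed-demo-key-not-a-real-secret"


def _sign(encoded_uri, expiry, rule_key):
    # String-to-sign is "<percent-encoded URI>\n<expiry>"; the rule key is
    # used as UTF-8 bytes for HMAC-SHA256, and the digest is base64-encoded.
    to_sign = f"{encoded_uri}\n{expiry}".encode("utf-8")
    mac = hmac.new(rule_key.encode("utf-8"), to_sign, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def make_sas_token(resource_uri, rule_name, rule_key, ttl_seconds, now=None):
    """Build 'SharedAccessSignature sr=..&sig=..&se=..&skn=..'.

    The token carries the rule name (skn) but never the rule key; a short
    ttl_seconds limits how long a leaked token stays usable.
    """
    now = int(time.time()) if now is None else int(now)
    expiry = str(now + ttl_seconds)
    encoded_uri = quote(resource_uri, safe="")
    sig = quote(_sign(encoded_uri, expiry, rule_key), safe="")
    return (f"SharedAccessSignature sr={encoded_uri}&sig={sig}"
            f"&se={expiry}&skn={quote(rule_name, safe='')}")


def check_sas_token(token, rule_keys, now=None):
    """Re-check a token the way a receiver holding the rule keys could.

    rule_keys maps rule name -> key. Returns (True, resource_uri) or
    (False, reason). This is a local illustration, not the service's code.
    """
    now = int(time.time()) if now is None else int(now)
    scheme, _, params = token.partition(" ")
    if scheme != "SharedAccessSignature":
        return False, "wrong scheme"
    fields = dict(p.partition("=")[::2] for p in params.split("&"))
    if not {"sr", "sig", "se", "skn"} <= fields.keys():
        return False, "missing field"
    try:
        expiry = int(fields["se"])
    except ValueError:
        return False, "bad expiry"
    if expiry <= now:
        return False, "expired"
    key = rule_keys.get(unquote(fields["skn"]))
    if key is None:
        return False, "unknown rule"
    expected = _sign(fields["sr"], fields["se"], key)
    supplied = unquote(fields["sig"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected.encode("utf-8"),
                               supplied.encode("utf-8")):
        return False, "bad signature"
    return True, unquote(fields["sr"])


if __name__ == "__main__":
    issued_at = 1_700_000_000  # fixed clock so the output is repeatable
    token = make_sas_token(SAMPLE_URI, SAMPLE_RULE, SAMPLE_KEY, 3600, issued_at)
    keys = {SAMPLE_RULE: SAMPLE_KEY}
    print(token)
    print(check_sas_token(token, keys, now=issued_at + 10))
    print(check_sas_token(token, keys, now=issued_at + 3600))
    print(check_sas_token(token.replace("ax-workflow", "other-queue"),
                          keys, now=issued_at + 10))
    # After the rule key is regenerated, previously issued tokens stop verifying.
    print(check_sas_token(token, {SAMPLE_RULE: "rotated-key"}, now=issued_at + 10))
```

Because the signature covers both the resource URI and the expiry, editing either field invalidates the token, and regenerating the rule key revokes every token signed with the old one.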

RPA certifications for Synergy Software Systems, Dubai

November 25th, 2018

I am pleased to announce that following extensive training over recent weeks two of our consultants have already achieved certifications.

If you have an RPA project in mind and need support for your project from a proven, local UAE partner then please call Synergy Software Systems on 0097143365589

Making Tax Digital (MTD)

November 19th, 2018

If you have U.K. operations then be aware of Making Tax Digital (MTD), a transformational approach to taxation in the UK from HMRC. The first change is coming in 2019 and will affect every organisation, from processes to how systems are set up to record and report tax.

This will affect all companies with U.K. financial operations and all financial software. From April 2019, businesses that are registered for VAT and have turnover above the VAT registration threshold of £85,000 will be required to keep digital records for VAT purposes and submit their quarterly VAT return updates to HMRC through functional compatible software.

The new VAT record keeping rules require that all applicable VAT return data is digitally linked so that transactions can be traced from source data (i.e. purchase/sales ledger) to VAT return completion and upload.

Key benefits for businesses include improved visibility over their tax situation and easier access to tax information online, enabling businesses to plan and budget more effectively, driving performance and growth.

With Making Tax Digital, the new regulation from HMRC going live from 1 April 2019, it’s time to start preparing. This is similar to the legislation already implemented in the U.A.E., which we have done for both Infor SunSystems and Dynamics 365/Dynamics AX.

Which versions of Dynamics AX will Microsoft make ‘Making Tax Digital’ compliant?

Any Dynamics product that is still under mainstream support will get an update from Microsoft to ensure full compliance. This means for Dynamics AX only Dynamics AX 2012 R3 will be automatically updated. Microsoft have not confirmed when this update will take place – there are still some further details to come from HMRC.

Receiving the Microsoft update may not be enough to guarantee full compliance – there will likely need to be a number of small updates such as capturing the right fields and updating commercial forms, and reporting format that will need to be confirmed.

In addition, by April 2020 you will need to ensure all of your processes are fully digital.

ROI On Microsoft Dynamics

November 14th, 2018

“What’s the true return on investment (ROI) for an average Dynamics 365 deployment?”

Thanks to a newly released independent analysis from Nucleus Research, we can reveal the answer:

For every dollar spent, companies realize an average of $16.97 in returns.

According to the report summary, “this is significantly higher than the average for both enterprise resource planning (ERP) and customer relationship management (CRM), which deliver, on average, $7.23 and $8.71 respectively. Nucleus found that companies taking advantage of Microsoft’s investments in cloud and usability, as well as integration and analytics, were able to achieve significant returns by increasing productivity and revenues and reducing costs.”

The report dives into the value drivers for the cases, and reveals that the common elements to the financial success of deployments include:

• The ability to integrate Microsoft solutions with existing applications and data sources
• The enablement of new lines of business, such as cross-selling and up-selling with field service
• A focus on standardized, easy-to-use user interfaces: the familiar Microsoft look and feel that can help speed up onboarding and user adoption
• Cost savings and greater innovation realized by deploying cloud-based Microsoft business applications
• The focus on improving user productivity by automating, or standardizing, repeatable manual processes

The report is a fascinating read that we invite you to explore on your own. If you are interested in investing in the modern Dynamics enterprise system then contact Synergy Software Systems and we will send you a copy.

0097143365589

IFRS 9

November 7th, 2018

The Standard includes requirements for recognition and measurement, impairment, de-recognition and general hedge accounting. This standard has replaced IAS 39 and responds to the criticisms that IAS 39 was too complex, inconsistent with the way entities manage their businesses and risks, and deferred the recognition of credit losses on loans and receivables until too late in the credit cycle.

The new standard is based on the concept that financial assets should be classified and measured at fair value, with changes in fair value recognized in profit and loss as they arise (“FVPL”), unless restrictive criteria are met for classifying and measuring the asset at either Amortized Cost or Fair Value Through Other Comprehensive Income (“FVOCI”). Subject to a special FVOCI designation option for investments in equity instruments, only loans, receivables, investments in debt instruments and other similar assets (“loans and receivables”) can qualify for measurement at Amortized Cost or FVOCI. The key questions are whether:
• The objective of the entity’s business model is to hold assets only to collect cash flows, or to collect cash flows and to sell (“the Business Model test”), and
• The contractual cash flows of an asset give rise to payments on specified dates that are solely payments of principal and interest (“SPPI”) on the principal amount outstanding (“the SPPI test”).

Both of these tests determine whether to account for an instrument at Amortized Cost or FVOCI.

IFRS 9 specifies how an entity should classify and measure financial assets, financial liabilities, and some contracts to buy or sell non-financial items. IFRS 9 deals separately with the classification and measurement of financial assets, impairment and hedging.

IFRS 9 requires an entity to recognise a financial asset or a financial liability in its statement of financial position when it becomes party to the contractual provisions of the instrument. At initial recognition, an entity measures a financial asset or a financial liability at its fair value plus or minus, in the case of a financial asset or a financial liability not at fair value through profit or loss, transaction costs that are directly attributable to the acquisition or issue of the financial asset or the financial liability.

So why does it matter if you are not in the Financial services sector?
Any entity with long-term loans, equity investments, or any non-standard financial assets, or only holding short-term receivables may find that it requires significant changes to its financial reporting as the result of this standard.

Possible consequences of IFRS 9:
Income statement volatility. More assets will have to be measured at fair value with changes in fair value recognized in profit and loss as they arise.

Earlier recognition of impairment losses on receivables and loans, e.g. trade receivables. Entities will have to provide for possible future credit losses in the first reporting period that a loan goes on the books, even when it is highly likely that the asset will be fully collectible.

New disclosure requirements—the more significantly impacted may even need new systems and processes to collect the necessary data.

IFRS 9 is an opportunity for balance sheet optimization, enhanced efficiency of the reporting process and cost savings.

Before your year end audit consider the possible impact on financial statements, systems, processes, controls.

Financial assets

When an entity first recognises a financial asset, it classifies it based on the entity’s business model for managing the asset and the asset’s contractual cash flow characteristics, as follows:

Amortised cost—a financial asset is measured at amortised cost when both of the following conditions are met:
◦ the asset is held within a business model whose objective is to hold assets in order to collect contractual cash flows; and
◦ the contractual terms of the financial asset give rise on specified dates to cash flows that are solely payments of principal and interest on the principal amount outstanding.

Fair value through other comprehensive income—financial assets are classified and measured at fair value through other comprehensive income when these are held in a business model whose objective is achieved by both collecting contractual cash flows and selling financial assets.

Fair value through profit or loss—any financial assets that are not held in one of the two business models mentioned are measured at fair value through profit or loss.

When, and only when, an entity changes its business model for managing financial assets it must reclassify all affected financial assets.

Financial liabilities

All financial liabilities are measured at amortised cost, except for financial liabilities at fair value through profit or loss. Such liabilities include derivatives (other than derivatives that are financial guarantee contracts or are designated and effective hedging instruments), other liabilities held for trading, and liabilities that an entity designates to be measured at fair value through profit or loss (see ‘fair value option’ below).

After initial recognition, an entity cannot reclassify any financial liability.

Fair value option

An entity may, at initial recognition, irrevocably designate a financial asset or liability that would otherwise have to be measured at amortised cost or fair value through other comprehensive income to be measured at fair value through profit or loss when doing so will either eliminate, or significantly reduce a measurement or recognition inconsistency (sometimes referred to as an ‘accounting mismatch’) or will otherwise result in more relevant information.

Impairment

Impairment of financial assets is recognised in stages:

Stage 1—as soon as a financial instrument is originated or purchased, 12-month expected credit losses are recognised in profit or loss and a loss allowance is established. This serves as a proxy for the initial expectations of credit losses. For financial assets, interest revenue is calculated on the gross carrying amount (ie without deduction for expected credit losses).

Stage 2—when the credit risk increases significantly and is not considered low, full lifetime expected credit losses are recognised in profit or loss. The calculation of interest revenue is the same as for Stage 1.

Stage 3—when the credit risk of a financial asset increases to the point that it is considered credit-impaired, interest revenue is calculated based on the amortised cost (ie the gross carrying amount less the loss allowance). Financial assets in this stage will generally be assessed individually. Lifetime expected credit losses are recognised on these financial assets.

Hedge accounting

The objective of hedge accounting is to represent, in the financial statements, the effect of an entity’s risk management activities that use financial instruments to manage exposures arising from particular risks that could affect profit or loss or other comprehensive income.

Hedge accounting is optional. An entity applying hedge accounting designates a hedging relationship between a hedging instrument and a hedged item. For hedging relationships that meet the qualifying criteria in IFRS 9, an entity accounts for the gain or loss on the hedging instrument and the hedged item in accordance with the special hedge accounting provisions of IFRS 9.

IFRS 9 identifies three types of hedging relationships and prescribes special accounting provisions for each:

fair value hedge: a hedge of the exposure to changes in fair value of a recognised asset or liability or an unrecognised firm commitment, or a component of any such item, that is attributable to a particular risk and could affect profit or loss.

cash flow hedge: a hedge of the exposure to variability in cash flows that is attributable to a particular risk associated with all, or a component of, a recognised asset or liability (such as all or some future interest payments on variable-rate debt) or a highly probable forecast transaction, and could affect profit or loss.

hedge of a net investment in a foreign operation as defined in IAS 21.

When an entity first applies IFRS 9, it may choose to continue to apply the hedge accounting requirements of IAS 39, instead of the requirements in IFRS 9, to all of its hedging relationships.

IFRS 9 is effective for annual periods beginning on or after 1 January 2018.

End of Support for SQL Server 2008 and 2008 R2 on July 9, 2019

November 2nd, 2018

End of Support for:
- SQL Server 2008, and 2008 R2, on July 9, 2019
and
- Windows Server 2008, and 2008 R2, on January 14, 2020

Risks with an outdated data platform include:
• Non-compliance with GDPR and other market standards
• Exposure to unexpected attacks and security breaches
• Higher costs and inefficient data management
• Incompatibility with modern releases of business applications
• Missed opportunities for innovation and business intelligence

Options:
Upgrade to SQL 2012 or 2017
Ask us about our Advanced SQL database tools – and our special discounted bundled price offer to year end to support GDPR compliance.

Migrate to the Azure cloud platform
If it is also time to upgrade your servers then now might be a good time to look at a move to the cloud.

Azure Hybrid Benefit
• Save up to 40% on Windows Server with Azure Hybrid Benefit
• Save up to 55% on migration to Azure SQL Database with Azure Hybrid Benefit
• Go at your own pace – move a few workloads or entire datacenters
• Maximize your investment in Microsoft software.

Paths to Upgrade and Stay Protected
Migrate apps to Azure VMs: get free Extended Security Updates for Windows Server 2008 and 2008 R2 VMs for 3 years after the deadline.

Migrate Data to Azure managed instances or VMs
Azure SQL Database Managed Instance offers a version-free option.
Get free Extended Security Updates for SQL Server 2008 and 2008 R2 in Azure VMs for three years after the deadline.

Modernize when ready
Upgrade in Azure when ready
Or transform apps and data with Azure services

To reduce the cost of on-premise servers, ask about our Firewall Solutions, which provide many other integrated features. Reduce the number of servers needed and the cost of supporting multiple server systems: VPN, SMS, FTP, anti-virus, and more, all in one solution.

To discuss your options contact Synergy Software Systems a Microsoft partner since 1993.
If you are considering a Microsoft Dynamics solution on the cloud then, when comparing costs, don’t forget that the subscription includes not only the hardware platform but also the significant cost savings of the database, Windows Server, firewall and anti-malware software licenses, as well as the savings in server rooms and in electricity bills, both to power the servers and for the server room air conditioning. Nor is there any extra license enhancement fee for continuous upgrade versions of the licenses. That also reduces your GDPR compliance challenges.

If your SQL database, or your servers, or your Windows Server licenses are due for renewal, or it’s time to move to an any time, anywhere, any device new business system, then call Synergy Software Systems to discuss your options.

Microsoft partner since 1994
Dynamics Partner since 2003

VAT in Bahrain – Update your Sunsystem financials with Synergy Software Systems

October 23rd, 2018

Bahrain will be the next country to implement five per cent value-added tax (VAT) after the UAE and Saudi Arabia as part of the GCC framework agreed between the six states, according to tax experts. Bahrain’s parliament, in an extraordinary session ordered by royal decree, has approved the introduction of 5 percent value-added tax (VAT) in the kingdom from January 1 2019. The move must also be approved by Bahrain’s upper house.

The introduction of VAT will be a big challenge for the local Bahrain market, and businesses now have less than 3 months to be prepared for these changes. This announcement of a definitive date for the tax to become effective means that businesses should accelerate their VAT readiness preparations. Last week, Bahrain announced a fiscal overhaul meant to balance its budget by 2022, backed up by a $10 billion economic support package from Saudi Arabia, the UAE and Kuwait. The plan aims to raise $2.1 billion a year as Bahrain looks to curb its debt after years of lower oil prices.

At the start of 2018 VAT was introduced in both K.S.A. and the U.A.E. Synergy Software Systems has extensive experience of VAT implementation in business systems like Dynamics 365 Finance and Operations, Dynamics AX, and Infor SunSystems in both K.S.A. and the U.A.E., across almost 200 customers in varied vertical sectors.

VAT Registration
• The compulsory VAT registration threshold in Bahrain is BHD 37,000 per annum.
• A voluntary registration for businesses below this threshold is permitted, although this has its own minimum threshold of BHD 18,850 per annum.
• There is scope for related businesses to apply for a single, Group VAT registration.
• There is no threshold for non-resident businesses, which must register prior to their first supply. Foreign registrations may be either direct, or via a local Fiscal Representative.

Bahraini VAT rates
Generally, Bahrain follows the terms of the Agreement, including the harmonised standard VAT rate of 5%, but has a wider range of zero and reduced VAT rates to provide subsidies to the less well off in society.

Which goods or services, at what rate?

Zero (0%): Basic foodstuffs; domestic and international transport; new properties; healthcare; exports of goods and services; high-value metals; oil and gas; education; and medicine and medical equipment.

Exempt: Sale and lease of real estate; and financial services.

Standard (5%), from 1 January 2019: All other supplies of goods, or services, including imports, in accordance with the Unified VAT Agreement.

Bahraini VAT invoices
VAT invoices must contain the following information as a minimum:
• Date of invoice (and date of supply if different)
• Unique, sequential invoice number
• Tax ID number of the supplier
• Name and address of the supplier and customer
• Description and quantity of the goods supplied; nature of services provided
• Gross, VAT and net values of supply
• VAT rate applied, and explanation where not the standard rate
Invoices must be issued within 15 days following the month of supply of the taxable goods or services.

Bahraini VAT Returns
Registered tax payers must submit their periodic returns each month.
Returns must be filed by the last working day of the month following the reporting period.

Penalties for non-compliance
Timely preparation is critical because VAT is generally a self-assessed tax, and errors are often subject to severe penalties and business disruption.
Businesses that have been operating in a largely non-tax environment should already have started to prepare and to analyze in detail what the implications of the new tax will be, for example on their pricing, contracts and IT systems.
The following penalty regime for non-compliance is in place, with financial penalties and potential prison terms:
• BD10,000 for failure to register for VAT within 60 days of the required date
• Failing to issue a VAT invoice within 15 days of the month following the taxable supply
• Failing to submit a VAT return and/or pay any VAT due by the end of the month following the reporting month,

Transition rules
The following rules will apply to supplies contracted and supplied over the introductory period:
• Where invoices were issued, or payments made, prior to 1 January 2019 for post-implementation supplies, then VAT is still due. In this case, a debit note for the original invoice should be issued with the correct VAT indicated.
• Initially, goods supplied to other GCC states that have also implemented VAT (Saudi Arabia and UAE) will be treated as exports. There are plans to introduce zero-rating with reverse charge supplies to eliminate import VAT, but this is dependent on the introduction of an Electronic Services System transaction reporting platform, which has yet to be developed.
• For pre-January 2019 contracts which are silent on the VAT treatment, then the price will be VAT inclusive. This presents a cash flow risk for the supplier.

Other GCC Countries
The Sultanate of Oman announced that VAT would be introduced in 2019, most likely mid-2019.
The Kuwaiti parliament is yet to vote on the VAT bill which should be introduced in the upcoming session before the year-end. The expected timeline of introduction of VAT in Kuwait is late 2019 or 2020.

EY estimated that a five per cent VAT rate will produce revenues of over $25 billion per annum for the six GCC countries.

Contact:
Synergy Software Systems: 009714 3365589/ 33734282
Deyafa Systems: 009714 3240066

AI why will it make any difference?

October 1st, 2018

For all the talk around the rise of AI, or Artificial Intelligence, the technology isn’t new. We use AI in our daily lives.

Predictive text is the most visible example. Google searches and Word spellcheck are other examples. You frequently text a friend to meet at the mall. You type: “Meet me at the …” Your phone suggests “park” or another common place to meet. Over time, your phone learns, and the suggestions start to prioritize “mall” over other words.

A basic case is that AI:
• takes data,
• analyzes it,
• implements a solution (suggesting the next word),
• evaluates the results (recognizing that you almost always type “bar” with that friend),
• and then repeats the process with improved recommendations based on data.
• Over time, the system grows smarter.

Typically, ‘triggers’ to execute a ‘script’ were ways to automate processes. A log file is monitored and a key word triggers a support ticket, or runs a script. Over time the system learns and can predict and run checks before the error happens.
Other examples of AI in everyday life include pricing on ridesharing apps, facial recognition in social media and even non-player characters in video games.

Until recently, the technology was available to a few companies with deep pockets. To take advantage of AI, you had to have a big data center, specialized software and data scientists in house. We’ve reached a tipping point. With cloud-based technology, companies of all sizes can more easily plug into AI-infused applications at a much lower entry cost.
AI is the next big disrupter in many industries.

Let’s look at the wholesale trading industry. Here are two ways you can leverage AI to benefit a business:
Optimize where a team spends their time.
- Imagine the ability to direct your Accounts Receivable team to the late-paying customers that are most likely to respond.
- AI can help distributors differentiate between those who aren’t going to pay and need to be turned over to collections, and those who are more likely to pay with just one phone call.
- AI could also direct a call centre team to focus on certain times of day to increase the likelihood someone picks up the phone. Given the importance of cashflow to distributors, this is a powerful application of the technology.
- The same idea goes for a sales team. With which customers should they be spending more time? AI can identify the data points that influence purchasing, such as whether a prospect downloaded a whitepaper, they have an account exec assigned to them, or they have previously purchased related products.

It could even be something you can’t control, like the weather forecast. If it’s going to be 110 degrees, you can expect an uptick in sales of air conditioning units or parts to fix them in certain geographies. AI can identify these opportunities for salespeople. AI then adjusts those recommendations based on how customers respond, and the cycle continues.

Grow sales and margin with existing customers.
When a customer is checking out on a website, via your call center, at the counter or through another channel, how can you engage them more? Enter AI. For example, let’s say that data show that electrical contractor customers of a particular size regularly buy red, green, white and black 10-gauge copper wire at the same time. So when an electrical contractor of that size selects just red, green and white, a salesperson should be prompted to ask: “Are you forgetting black?” Chances are, the customer will add black wire to the basket.

To identify those relationships, however, and to code them into your system is a lot of work. We can do much of this already with BI analysis and on-screen prompts. Add to that the evaluation of whether the offers were effective – how often they were accepted, how often they weren’t (and why) – and adjusting for that on the next sale, or updating sales scripts and offers. It becomes increasingly difficult if not impossible to do that manually across thousands of products.
AI can do this far more quickly and effectively than a human can, and can have a big impact on the top line. A foodservice distributor grew sales volume by 5% nearly overnight after turning on an AI-powered cross-sell and upsell recommendation engine on their website.

This is not just about selling online. Sure, distributors use cross-sell/upsell technology to grow share across their channels. However, they can also provide more meaningful, targeted content to make the customer’s selection process smoother and better informed, to draw his attention to designs or offers that are likely to be of interest, and so on. The ROI can be huge, and it requires very little upfront work by humans.

Pricing software is a more mature application of AI-based technology, determining the optimal price for a particular item based on lost sales, historical sales volume, competitor pricing, potential for upsell, cross-sell or repeat sale, and other data points. Hotels and airlines use revenue yield management. If it’s a business trip they may feel you will spend more in their restaurant on an expense account. I may only book when rates are cheap but I might always eat in house, use pay TV, and order wine with my meal and be a more profitable customer. If my rooms for tonight or my airline seats are less than 50% sold then I might discount heavily to ensure I sell enough to cover costs, but once past 80% I may charge a premium price because you may be desperate with little choice and a few high value sales will make up for the one or two I lose.

If a product has excess stock and is nearing the end of its shelf life, or a cinema is going to be half empty, then AI can auto-trigger instant SMS sales promotions or happy hours. But can it learn and predict and better tune the films shown in a given cinema, whether average clothes sizes are trending bigger, or whether some colours and sizes will sell better in one branch than another, and how that correlates with other data? How much is spent on marketing, what other sales are happening nearby, are temperatures going to rise, what is the expected change in the exchange rate or inflation rate or oil price and will that affect the number of tourists, and will revised parking fees affect who shows where and when?

Is this a Big Brother nightmare, or does it mean that we are going to get better service because what we need to buy is going to be in stock even before we realise we need it?

As new, younger Generation Z employees are hired into purchasing roles, they expect the kind of customer experience that AI-powered technology can deliver. This technology is here now. It’s not just a technical decision. There are real business benefits to using AI, including growing average order size, boosting margins and tightening customer relationships.

California Privacy Act, EU eprivacy, GDPR….

September 17th, 2018

The California Consumer Privacy Act of 2018 has had neither the public awareness nor the multi-year preparation time of the EU’s GDPR.
Nonetheless, it will have a similarly significant impact on organizations that do business in the state of California.

Why should you care? Well, California is the world’s fifth-largest economy, so that means it affects pretty much everyone.
Businesses, including yours, have less than two years until the January 2020 compliance deadline.

Organizations are constantly at risk of paying a hefty penalty for not complying with rules and regulations that dictate how they should operate and do business.
Recent research by the Ponemon Institute and GlobalScape, entitled “The True Cost of Compliance with Data Protection Regulations”, concluded that the average cost of non-compliance is now $14.82 million annually (a 45 percent increase from 2011) and is 2.71 times higher than the cost of compliance.

This means organizations are better off making the necessary investments in people, process and technology to comply with Data Protection regulations than incurring the cost of non-compliance. It’s clear that the topic of compliance is broader than just Data Protection regulations and covers other global and regional regulations, industry-specific mandates and trading partner specific contracts.

The worry is conflicting standards and how to stay abreast of everything. Colorado is also bringing out similar legislation. The UAE has also signalled that it may follow GDPR. This has major implications for companies in areas of contract, insurance of liability, training, master data management, software security, encryption, back up, policies, administration … and a lot more cost. This is not going away and it is easier to start now – a plan to shut the stable door only after the horse has bolted is not a strategy.

An even stricter privacy law, known as the ePrivacy Regulation, is currently pending abroad. The law was approved in the last quarter of 2017 by the European Parliament and is currently under review by the Council of the European Union. While the policymakers had hoped that the ePrivacy Regulation would enter into force on GDPR Day, this obviously didn’t happen. In a nutshell, the ePrivacy Regulation is lex specialis to the General Data Protection Regulation (“GDPR”). While the GDPR applies to all categories of personal data—hard copy and electronic—the ePrivacy Regulation will typically only apply to electronic communications data, a subset. The Regulation, if adopted, would cover not only traditional telecommunications operators and providers of electronic communication services but also “over-the-top” communications services.

It requires explicit consent from users for all messaging services—things like Apple’s iMessage, Facebook’s WhatsApp, and Microsoft’s Skype—before companies can place tracking codes on their devices or collect data about their electronic communications. In other words, a company could only collect data or metadata about users’ communications online when they get their explicit consent to use it for a specific purpose. When someone declines to share their data, companies will be required to provide them with the same service as someone who consents. The law was scheduled to go into effect this year, but has been held up by negotiations. https://iapp.org/resources/article/eprivacy-regulation-may-2018-draft/

The ePrivacy regulation is an update to the standing ePrivacy Directive, which was originally put into place to guarantee “right to privacy in the electronic communication sector,” according to the directive. The directive originally focused mainly on email and SMS messages, but the proposed regulation would also address data privacy in services like WhatsApp, Facebook Messenger, and Skype, along with Internet of Things (IoT) devices.
Additionally, the ePrivacy regulation will also protect metadata associated with electronic communications.

ePrivacy includes non-personal data. GDPR is laser-focused on the protection of personal data, but the ePrivacy regulation is focused more broadly on the confidentiality of communications, “which may also contain non-personal data and data related to a legal person,” the proposal states. The original ePrivacy Directive is often referred to as the “cookie law” because it imposed the need for informed consent before a firm could track an internet user with cookies. The regulation will add new clarifications and simplifications for the consent rule, along with other new tools for protecting against unwanted communication tracking and more.

Both GDPR and the proposed ePrivacy regulation reflect similar aspects of privacy, but they do so from the perspective of different legal charters. The basis for the ePrivacy regulation is Article 16 and Article 114 of the Treaty on the Functioning of the European Union. However, it also reflects part of Article 7 of the Charter of Fundamental Rights: “Everyone has the right to respect for his or her private and family life, home and communications.” GDPR, on the other hand, is based on Article 8 of the European Charter of Human Rights, which states: “Everyone has the right to respect for his private and family life, his home and his correspondence.” However, for ePrivacy, the proposal notes that the meaning and scope of Article 7 of the Charter of Fundamental Rights shall be regarded in the same way as Article 8 from the European Charter of Human Rights.

Consent is just one of six lawful grounds for processing data under GDPR. If one of the other five grounds applies, consent might not be required.

The other five legal grounds are:
• Processing being required to fulfil a contract with a data subject.
• Having a legal obligation, the fulfilment of which requires you to process user data.
• Needing to process data to protect someone’s life.
• Processing being required to carry out a task in the public interest.
• Requiring data processing in order to protect your legitimate interests, or those of a third party (unless those interests clash with a good reason to protect user data).

If none of these other grounds applies, then clear consent must be given to process personal data for each specific purpose.

How you ask for consent forms a big part of the regulation. It must be presented with these features:
• Unbundled: No lumping consent for one usage of data in with another. This is particularly relevant to collecting data for marketing.
• Active opt-in: No pre-ticked boxes, with binary in/out options given the same prominence.
• Granular: Each type of data usage needs to be consented to separately.
• Named: All organisations involved in handling the data being collected must be listed by name, especially third-parties.
• Easy to withdraw: Withdrawing consent needs to be at least as easy as giving it.

Security GDPR and BA

September 16th, 2018

British Airways disclosed on Sept. 7 that it was the victim of a data breach that exposed details on 380,000 customers. The breach involved data from British Airways’ mobile application and website at ba.com. The airline noted in its advisory that stolen data did not include customers’ passport information or travel details. However, hackers stole names, addresses and payment card details of customers who used the British Airways website or mobile app between Aug. 21 and Sept. 5. To its credit, BA responded promptly and apologized.

“We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app,” British Airways wrote in an advisory post. The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed, and is recommending that customers contact their bank or card provider if they made a booking or change to their booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018.

The British Airways breach is the second in as many weeks that has involved a major international airline. On Aug. 29, Air Canada reported that its mobile app was breached, potentially exposing 1.7 million accounts to risk. Air Canada, however, estimated that information on only 20,000 customer accounts was stolen in the breach, which is thought to have taken place between Aug. 22-24.

The British Airways breach is potentially the first major test for the European Union’s General Data Protection Regulation (GDPR), which has strict requirements on disclosure of breaches, and under which non-compliance could result in costly financial penalties.

RiskIQ detected the use of a script associated with a “threat group” RiskIQ calls Magecart, the same set of actors believed to be behind a recent credit card breach at Ticketmaster UK. The Ticketmaster UK breach was the result of JavaScript injected through a third-party service used by the Ticketmaster website, but the British Airways breach was actually the result of a compromise of BA’s own Web server, according to the RiskIQ analysis.
This skimmer is attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site in particular.
The suspect scripts were detected based on a daily crawl of websites conducted by RiskIQ, which gathers data on more than two billion pages a day. Focusing on how the scripts on the BA site changed over time, the RiskIQ researchers found a modified script within the BA site. Code added to a JavaScript library utilized by the BA site called an API on a malicious Web server at baways.com—a virtual private server hosted by a provider in Lithuania, using a TLS certificate registered through Comodo (apparently to raise its appearance of legitimacy) on August 15.

The 22 lines of code are targeted to export the data entered in the BA website’s payment form to the malicious server when the “submit” button was clicked by a customer, with the data being sent as a JSON object. As a result, the transaction would go through for the customer without any errors, while the attackers received a full copy of the customer’s payment information despite the payment apparently being over a secure session. The attackers also added a “touchend” callback to the script, which made the attack functional for users of BA’s mobile app—which called the same, modified script.

While the modified script file’s timestamp matches the beginning of the attack reported by British Airways, the registration date for the malicious site’s certificate indicates that the attacker likely had access to the British Airways site before the reported start date of the attack on August 21st—possibly long before. Without visibility into its Internet-facing web assets, British Airways were not able to detect this compromise before it was too late.
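The kind of script-change monitoring described above can be sketched as follows. This is an added example, not RiskIQ's tooling or code from the incident: it compares each crawled first-party script with a recorded SHA-256 baseline and lists any hosts the script references that are outside an allow-list. The function names, file path, hosts and script bodies are all constructed for illustration.

```javascript
const crypto = require("crypto");

// Hex SHA-256 of a script body, used as its integrity fingerprint.
function sha256(text) {
  return crypto.createHash("sha256").update(text, "utf8").digest("hex");
}

// Hostnames of absolute ("https://h/") and quoted protocol-relative ("//h/") URLs.
function referencedHosts(scriptText) {
  const re = /(?:https?:|["'])\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/gi;
  const hosts = new Set();
  for (const m of scriptText.matchAll(re)) hosts.add(m[1].toLowerCase());
  return [...hosts].sort();
}

// Exact match or true subdomain only, so a lookalike such as
// "notshop.example" does not pass for "shop.example".
function isAllowedHost(host, allowedHosts) {
  return allowedHosts.some((a) => host === a || host.endsWith("." + a));
}

// Compare one crawled script against the recorded baseline and host allow-list.
function auditScript(name, text, baseline, allowedHosts) {
  const hash = sha256(text);
  const known = Object.prototype.hasOwnProperty.call(baseline, name);
  return {
    name,
    hash,
    isNew: !known,
    hashChanged: known && baseline[name] !== hash,
    unknownHosts: referencedHosts(text).filter((h) => !isAllowedHost(h, allowedHosts)),
  };
}

// Audit a crawl (name -> script text) and return only the scripts needing review.
function auditCrawl(crawl, baseline, allowedHosts) {
  return Object.entries(crawl)
    .map(([name, text]) => auditScript(name, text, baseline, allowedHosts))
    .filter((r) => r.isNew || r.hashChanged || r.unknownHosts.length > 0);
}

// --- Constructed sample data (not taken from the incident) ---
const ALLOWED_HOSTS = ["shop.example"];
const ORIGINAL_LIB =
  'window.features=function(){return "https://static.shop.example/v1/features.json";};\n';
// Same file after an unreviewed change that adds a reference to a foreign host.
const MODIFIED_LIB = ORIGINAL_LIB + 'var endpoint="https://collector.example.net/api/";\n';
const BASELINE = { "/js/lib.js": sha256(ORIGINAL_LIB) };

const cleanCrawl = auditCrawl({ "/js/lib.js": ORIGINAL_LIB }, BASELINE, ALLOWED_HOSTS);
const changedCrawl = auditCrawl({ "/js/lib.js": MODIFIED_LIB }, BASELINE, ALLOWED_HOSTS);
console.log("clean crawl findings:", cleanCrawl.length);
console.log("changed crawl findings:", JSON.stringify(changedCrawl, null, 2));
```

The same host allow-list can also be enforced in the browser with a Content-Security-Policy `connect-src` directive, so that a changed script cannot send data to a host the site never approved.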

British Airways did not comment on the RiskIQ report, as a criminal investigation is still underway.

GDPR misses the mark

August 16th, 2018

GDPR took effect in May of this year, at least with regards to enforcement. A few days after the May 25 date, a German court ruled against ICANN, the company that registers domain names on the Internet and manages the global WHOIS database. The case revolves around the information collected when you register a domain. ICANN wants multiple contacts, which they’ve required for decades. However, a company in Germany that is a partner argued that the additional technical and administrative contacts were not required for fulfilling the business that both ICANN and EPAG (the German registrar) are engaged in.
ICANN is appealing the ruling, citing the need for clarification of what this means with regard to the law.

There is an interesting argument here to be made about what data is needed for a business purpose. I could see this being argued successfully either way, and not just in court. As a domain holder, does the registrar really need multiple different sets of personal information from me? Arguably, this is a convenience for them, that is based on tradition. However, one could argue the other way. It is a little scary that a court, with no expertise in some industry (Internet domain registration, in this case), will decide whether there is an actual business need. Can a lawyer or judge really understand what data a business needs in their daily activities?

Is it unreasonable to find technical people collecting data, not maliciously, but to anticipate what might be asked of a system, or to avoid rework? Is it wrong to collect everything that might be relevant or useful to save time on future queries?

So now we have the ridiculous situation where more and more transactions can only sensibly be done online, but only if you agree to provide personal data as part of the terms and conditions. How does that protect anyone? I can understand that large IT companies with heavy investment in cloud data centres are happy to see legislation that makes it impossible for small companies to compete – encryption, additional training and audit costs, huge infrastructure and software protection costs to deal with hypothetical risks to data that is largely in the public domain on Facebook and LinkedIn and telephone directories. Governments have new reasons to fine companies. Auditors and lawyers have another source of income. This all drives up costs so how does that benefit the individual?

Why there is not more loud protest and outright rejection of this ridiculous legislation I don’t understand. I doubt even 20% of companies affected comply.

That does not mean that you should not take data protection seriously. The problem with GDPR is that it is being applied as a sledgehammer. Companies are trying to enforce complex systems for protection of data to which there is no identified risk, or indeed where there may not even be any data stored.

If an organisation has no central documented overview of the data it holds and processes, it is highly vulnerable to fail in its stewardship of data. This will result in severe damage to that organisation. To protect anything, you have to know where it is, and who needs to use it. With data, you have to know at least its relative importance in terms of its confidentiality, integrity and accessibility. You also need to know why it is retained and how it is used within the organisation and by which role. With this information, you will then have a much clearer idea of the requirements for that data, sufficient to appropriately strengthen the organizational workflows and applications to minimize the risks to that data.

If your organisation is ever caught up in a data breach or other incident that might affect its reputation or even result in legal action, then the exercise of at least having taken information security seriously will provide mitigation for the organisation. Any organisation that takes its stewardship of data seriously and responsibly will take the next step and ensure that all data is held in an appropriate regime that will protect it from malice, disaster, conflict and human failings. They might even save on resources by reorganizing organizational data according to risk rather than by department or activity.

In a recent case not considered under GDPR the potential problems surfaced. In claimants v WM Morrisons Supermarket the High Court found that Morrisons was vicariously liable for deliberate and criminal disclosure by a rogue employee of personal data belonging to his co-workers.

The employee was an internal auditor for Morrisons. In that role he had access to personal data about other employees. However, he felt he had been unfairly disciplined over a conduct issue and as a result became disaffected. A couple of months later Morrisons’ external auditor asked for payroll data for audit purposes and the employee was asked to handle the request. The data, at Morrisons’ request, was downloaded onto the employee’s work computer. He passed the data to the external auditor but he didn’t delete it from his computer. Some weeks later he uploaded the data onto the internet, under the name of another employee. The individuals whose personal data was wrongly disclosed then sued Morrisons, arguing that Morrisons was the data controller and so was responsible for the breach. Alternatively, they argued that if it was not the data controller, it was vicariously liable for the wrongful actions of the rogue employee.

The High Court accepted that Morrisons was not the data controller at the point at which the individual was loading the data onto the website. Similarly, although the Court accepted that Morrisons should have been more proactive in ensuring that the data on the employee’s computer was deleted as soon as it was no longer needed, this did not actually cause the damage. The Court’s view was that the employee would have sought to circumvent any precaution put in place, given that this was a deliberate breach designed to cause problems for Morrisons.

That left the claim for vicarious liability. Whether an employer is vicariously liable depends on there being a sufficiently close connection between what the employee was employed to do and their wrongful actions. Here, the Court accepted there was a sufficient connection and so Morrisons was vicariously liable. The employee was given access to the data through his work and was deliberately entrusted with the confidential information. Even though he had acted improperly and also used another employee’s name to post the information on the Web, his motive was irrelevant in deciding whether there was vicarious liability.

Given that around 100,000 employees were affected by this data breach, compensation could be significant. Importantly, it is not necessary for the affected employees to show that they have suffered financial loss. Individuals can claim for distress merely from the disclosure of their data. This case has worrying implications for employers. Here the employee’s actions were entirely deliberate, and even though none of the employer’s actions led to the data breach it was still held liable.

Given the employee’s actions were designed to cause problems for Morrisons, by passing liability to the supermarket, the Court’s ruling has in many ways furthered the employee’s wrongful aims.

Unsurprisingly, Morrisons intends to appeal so all employers will be watching carefully to see what happens next.

While not decided under the principles of the GDPR, this case is representative of a new data privacy environment in the workplace, with greater accountability for employers and increased employee rights. More data breach claims may follow, particularly given that it is not necessary for an individual to show loss to claim compensation.

What is clear from the case is that employers will be responsible for the employee data they hold and must apply the strictest possible controls to try to mitigate the risks presented by rogue individuals. Such controls could include: limiting the number of people who have access to personal data for work purposes, ensuring individuals who have such access only have it for a limited period, and that data security measures are in place to flag misuse of the data. Further, the personal consequences of data breaches should be outlined to those who need to have access to colleagues’ personal data for their job.

This is becoming farcical – how should a company reply to, for example, a request for a reference, or a credit check?
If one employee volunteers another’s phone number is that really something for which an employer should have liability to pay compensation?
As with other misguided legislation this will accelerate adoption of AI and elimination of human workers.

If ever you want proof of the law of unintended consequences this legislation is going to be high on the list.

Microsoft Ignite agenda insights to the future road map

August 14th, 2018

Microsoft recently published the session list for its annual Ignite IT Pro conference happening at the end of September. A look at the topics gives a clue to its roadmap. There are sessions on the next version of SQL Server, Surface Hub 2 and Surface Go with LTE, Intune and Windows Autopilot, Windows Server 2019, and new Remote Desktop services.

Last year, Microsoft used Ignite to highlight AI, intelligent edge and its futuristic quantum-computing technologies, but overall the listed sessions look more down to earth. There are two mixed-reality sessions, including “Visio Immersive”. Almost 100 listed sessions touch on AI. At Inspire Microsoft told partners the “AI Accelerate Kit” would be coming in October and include AI use cases, best practices and “Ethical AI” guidance, so that seems likely to be included.

At Ignite Microsoft will again focus on Microsoft 365, the bundle of Windows 10, Office 365 and Intune security/management technologies.

Expect a lot of Dynamics 365 CRM and ERP content, because October is when the next feature update will arrive for the suite of Dynamics products.

There seems to be more developer content: ASP.NET, Visual Studio Code and Visual Studio 2017, Node.js, and sessions on Linux and Docker containers, Progressive Web Apps and MSIX, the new Windows 10 application-packaging technology Microsoft is rolling out.

There are 115 sessions listed for SQL Server / Azure SQL. Maybe we will get an insight into the successor to SQL Server 2017, codenamed “Aris,” which is currently in private Community Technology Preview testing.

Microsoft will also show the new Surface Hub 2 and Surface Go.

Expect Windows Server 2019, Microsoft’s next major release of Windows Server, to be a hot topic. It’s due to start rolling out before year end.

https://www.microsoft.com/en-us/ignite

https://www.microsoft.com/en-us/ignite/faq

September 24–28, 2018 | Orlando, Florida

End of life for SQL 2008 and 2008 r2 is only a year away

July 14th, 2018

On July 9, 2019, Microsoft will end Extended Support for SQL Server 2008 and 2008 R2, which means no more updates or support of any kind, potentially leaving you vulnerable to security and compliance issues.
Some considerations:
That is only a year away. So time to start planning and to get it into your 2019 budget.
What applications are affected? With what new SQL version are they compatible?
Will you need to rebuy licenses? The SQL license cost is now core based and it might prove a lot higher than last time, so take the time to consider all options.
Should any of your applications move to the cloud?
Should you also look at upgrades to hardware, Windows, Office, Exchange, or business finance/ERP systems in conjunction with SQL?
Is now the time to review your security solutions?
Are you going to expand, or implement heavy new processes like consolidation, budgeting, BI in the next 2-3 years?
Is your mobile network growing?

There are major enhancements at SQL 2016 SP1 so we recommend you should not consider any version lower than that. By next year SQL 2017 will also have settled down.

To discuss options call us on 0097143365589