"So how was the HITRUST Conference?" I asked the Network/Server Admin I tasked with the initial HITRUST requirement fact finding.
"They expressed a lot of doubt that we were going to be able to do this with an IT staff of 3," he replied.
"Doesn't surprise me, but we are going to do it." And you know what? We did it. In 7 months!
While the context of this article may be within the completion of HITRUST Certification, the question is really a much larger question. It's a question I get a lot. How big does my IT department need to be?
Every company will, of course, be different, but for a small or medium-sized enterprise the answer should likely be smaller than it currently is. But it takes three things to accomplish this.
- The right Technology Executive that cares about the P&L
- The right hires and structure of the team
- The right system
Let's take a look at each of these.
A lot of Technology Executives are not true Executives. They were great technology people who got promoted along the way, but they do not have a P&L mindset, nor do they really care about using technology in a way that actually does what technology should do: reduce headcount while not sacrificing growth. They often care more about their respect and standing within the broader IT Community than the high performance of your P&L. Throw in a singular focus area within IT (e.g. Infrastructure, but no experience in Security or Development) and you have a recipe for an inefficient and costly IT Department.
Right team. Right structure.
After that, keeping an IT Department small and efficient requires the right team members. Most companies could get away with a Network/Server Admin with Security experience, a Full Stack Developer, and a Help Desk Technician. As your company's needs grow, you can easily expand out from here. In Healthcare that might mean splitting the Network/Server Admin duties by creating an InfoSec position. After that, split the Full Stack Developer duties by creating a Database Administrator. Or probably vice versa outside of Healthcare. Add Help Desk Technicians as support tickets grow (but only after benchmarking the number of reasonable tickets completed in a day). Too often, though, expanding the positions is done way too early and for the wrong reasons (e.g. compensating for underperforming team members, structure or leadership).
The right system is the easiest of the three to overlook. Your system setup dramatically impacts your ability to stay small, efficient, secure and nimble. Are your systems fully integrated or are they all decentralized? Think about it just at one layer: for every system you have, there are separate usernames and passwords. For every set of usernames and passwords, there are that many password reset requests to the help desk. If you expand out from there, you realize there are more databases to maintain and back up. There are more security scans to be done. There are more security holes to patch and/or be concerned about. There is a higher likelihood of outsourcing, which presents its own costs, inefficiencies, and insecurity. In short, the system(s) you implement will make or break the performance of your IT Department and your company as a whole.
Vy Technology is a big proponent of integrated, simplified systems. There is an immense amount of value in having one or two total systems. Anything else should (and can) be integrated with an API.
Only when all three align can you have an efficient, nimble, and high-quality technology operation that is not only secure, but cost-effective. If you have a feeling yours may not be, reach out to us. We'd love to discuss how you can save money and improve security.