diff --git a/clients/cascades-tucson/docs/proposals/2026-technology-plan-review.md b/clients/cascades-tucson/docs/proposals/2026-technology-plan-review.md index 6c03651a..87acc484 100644 --- a/clients/cascades-tucson/docs/proposals/2026-technology-plan-review.md +++ b/clients/cascades-tucson/docs/proposals/2026-technology-plan-review.md @@ -1,5 +1,12 @@ # Cascades of Tucson - Technology Plan Review +> **[SUPERSEDED 2026-06-24]** This first-pass draft predates the 2026-06-24 wiki recompile and +> contains stale facts (CS-SERVER "RAID critical" -> actually HEALTHY; 48.75 hrs/0 tickets -> +> 48.25 hrs/6 tickets; no Helpany sensors). **Use instead:** +> - Client deliverable: `cascades-technology-plan-2026-06-24.pdf` (+ `.html` source) - polished, current. +> - Internal execution plan: `../REMAINING-WORK-PLAN.md` (canonical 7-workstream plan). +> Kept for history only. + > Prepared for the planning meeting requested by Ashley Jensen (week of 2026-06-23 / 2026-06-30). > Organized to Ashley's exact agenda: for each area we cover **Current state -> Gaps -> Action steps -> Timeline -> Priority**. > Prepared by ACG (Az Computer Guru). Source of truth: `wiki/clients/cascades-tucson.md` (compiled 2026-06-23) + live systems. diff --git a/clients/cascades-tucson/docs/proposals/cascades-technology-plan-2026-06-24.html b/clients/cascades-tucson/docs/proposals/cascades-technology-plan-2026-06-24.html new file mode 100644 index 00000000..c6367387 --- /dev/null +++ b/clients/cascades-tucson/docs/proposals/cascades-technology-plan-2026-06-24.html @@ -0,0 +1,360 @@ + + +
+ +A plain-language summary across the eight areas you asked to review: where each + stands today, the open gaps, the action we will take, and when. The headline: the core + systems are stable and backups are now verified, so the focus shifts from fixing risk to + finishing the modernization already underway.
+Core systems are stable. A live hardware check on June 24 confirmed the main server is + healthy with all drives online and backups running (an earlier alarm turned out to be a + self-corrected glitch). Microsoft 365 and the managed network are in place, and 12 staff PCs + are already migrated onto the managed domain.
The server is aging and currently running on one working power supply (its backup + supply needs service). Several PCs run Windows Home and cannot join the managed domain until + upgraded to Pro; a few are end-of-life. 31 users sit on a Microsoft license that has been + suspended.
Restore the second power supply; install the enterprise SSDs already on hand during a + planned window; upgrade Home PCs to Pro and finish the migration; replace end-of-life PCs.
Licensing now · upgrades near-term · server replacement a future project to scope together.
Email runs on Microsoft 365 with full sender authentication protecting your domain from + spoofing. All 37 phone devices are consolidated onto a dedicated, isolated voice network, and + a June Wi-Fi tune-up roughly halved wireless retransmissions building-wide.
Some wireless handsets still attach to the congested 2.4 GHz band, causing occasional + dropped calls. The phone vendor confirmed the handsets cannot be pinned to a band one by one.
Stand up a clean, dedicated 5 GHz "device" network for the phones and safety sensors, + which both vendors move their equipment onto remotely.
Per-room coverage check next on-site visit · vendor switch-over shortly after.
A modern, identity-based protection system is largely live. Caregiver accounts work + only on-site and only on approved devices, so a stolen caregiver password is useless + elsewhere. Office and clinical staff use multi-factor sign-in off-site, the clinical system + (ALIS) uses single sign-on, and shared caregiver PCs auto-lock and sign out for privacy.
File-access audit logging on the resident-data share is not yet switched on, and the + long-term audit-retention storage is approved but not built. Emergency "break-glass" admin + accounts and the signed agreement (BAA) with the clinical vendor still need finalizing.
Enable audit logging and stand up retention storage (90 days live, 6 years archived); + create break-glass accounts with security keys; confirm the ALIS agreement; complete the + caregiver lockdown one device at a time.
Audit logging and caregiver go-live are the immediate priority (P1).
Your technology vendors are inventoried: Microsoft 365, ALIS (clinical records), Vertical + (phones), Cox (internet, fiber plus a backup line), MSP360 (cloud backup), Bitdefender + (security), and your business applications (QuickBooks, Bill.com, Relias, You've Got Leads, + TELS, Focus HR, Helpany, POS).
The clinical-vendor business-associate agreement needs verifying, and there is no single + calendar tracking renewals and agreements.
Verify the ALIS agreement and build a one-page renewal and agreement tracker so nothing + lapses unnoticed.
Near-term, low effort.
Cascades is rolling out Helpany "Paul" resident-safety sensors: ceiling-mounted radar + devices that detect falls and motion. They use radar only, with no camera and no + microphone, so resident privacy is fully preserved. Roll-out is floor by floor (floors 1 + and 2 first). The clinical system and caregiver app round out the resident-facing technology.
The sensors currently share Wi-Fi with other equipment; they belong on the dedicated, + isolated device network described under Communication Technology.
Move the sensors onto the new 5 GHz device network (the vendor transitions them + remotely) and continue the floor-by-floor roll-out. If "assistive technology" should also cover + nurse-call or accessibility systems, we will fold those in.
Folded into the Wi-Fi device-network work above.
Cloud backup is now running and verified on June 24: the last backup succeeded, about + 576 GB is protected off-site, and daily changes are captured. This closed a long-standing + gap. June's planned power outage was handled with a clean, scripted shutdown and a verified + recovery, proving the procedure works.
We need to confirm the backup is a full system image (not files alone) so the server + could be rebuilt quickly after a total failure. The facility still relies on a single primary + server, so there is no automatic failover yet.
Confirm or extend backups to full-image, run a test restore, document a written recovery + plan with target recovery times, and add server redundancy with the modernization project.
Backup confirmation and test restore near-term · redundancy with the server project.
Managed antivirus (Bitdefender) protects endpoints, with Microsoft Defender and email + filtering guarding inboxes.
Coverage is not yet universal. Notably the main server is not under managed antivirus, + and leftover software from the previous IT provider is still installed and should be removed.
Enroll the main server and all remaining PCs into managed antivirus, remove the previous + provider's leftover agents, and run a coverage audit so every device reports in.
Near-term · exact coverage numbers confirmed before the meeting.
No AI system is in production at Cascades today. The nearest active item is the reporting + (KPI) dashboard you requested, which will pull key numbers from ALIS, QuickBooks, Bill.com and + others into a single view.
There is no staff policy yet for using public AI tools, which is a data-privacy risk in a + healthcare setting.
Draft a short, practical AI acceptable-use policy first; then evaluate Microsoft 365 Copilot + with healthcare safeguards; and advance the reporting dashboard as the sanctioned path.
Policy is quick · dashboard proceeds once you confirm the first key metrics.
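Review bot: In the SUPERSEDED banner added to `2026-technology-plan-review.md`, the third stale fact, "no Helpany sensors", does not follow the "old -> actual" form used for the first two, so a reader cannot tell whether the old draft wrongly omits the sensors or the correction is that there are none. Write it in the same form as the others, stating both what the draft says and what is true now. The unchanged header line just below the banner still reads "Source of truth: `wiki/clients/cascades-tucson.md` (compiled 2026-06-23) + live systems", which now sits directly under a notice that the file is stale; either move the banner's pointer to the canonical plan next to that line or mark the line as historical too.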
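Review bot: In the new `cascades-technology-plan-2026-06-24.html`, the summary headline "backups are now verified" and the backup section's "running and verified on June 24" claim more than the same section's gap text supports: it says the full system image is still unconfirmed and lists "run a test restore" as an action step. Reword to what was actually checked (the last backup job succeeded and about 576 GB is off-site) and state that the restore test is pending. The Data Security section has the same mismatch: "a stolen caregiver password is useless elsewhere" is given as current state, while the action steps still include "complete the caregiver lockdown one device at a time", so the claim should be limited to devices already locked down. Finally, since this file itemizes open gaps (main server not under managed antivirus, audit logging off on the resident-data share, one working power supply), add a confidentiality marking and confirm that the repository and the PDF distribution list are restricted accordingly.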