Journey to a Great RMA Process
When making and selling computers, phones, tablets, IoT, or other devices, you know that eventually some of your devices will get returned. Handling the returns in a systematic manner will help your company to keep your business running smoothly. Click to download our Device Return Materials Authorization Process Infographic for our view of what puts your company on a road to a better device RMA process
If you are in the business of making and selling computers, phones, tablets, IoT, or other devices, you know that eventually some of your devices will get returned. If your devices are being used in critical applications for your customers, you know how hard it can be to process returns well. Handling the returns in a systematic manner will help your company to keep your business running smoothly while ensuring your customer satisfaction numbers do not take a hit.
What is Return Materials Authorization?
Return materials authorization (RMA) is part of the process of a customer returning a device back to the manufacturer to get the unit fixed or replaced. On the manufacturer’s side, it is processed by verifying the device returned properly and initiating appropriate actions to troubleshoot, repair, or reimage, the device. This process includes data collection, return eligibility verification, software troubleshooting, reimaging, or issuing a replacement.
Ultimately, an RMA process exists to make the return seamless to the customer and cost-effective for the manufacturer. However, not all RMA processes are created equal, and there benefits to understanding best practices for device RMAs is different than other product types. Without the right process in place, companies tend to spend an unnecessary amount of time on returns. A well-designed and automated process will help reduce the risks and increase the overall efficiency.
It is also important to establish expectations for warranty terms, follow-up actions, and return policies. Implementing such a systematic process will also help in keeping track of the various defects across categories and suppliers while leading to quick resolution of issues.
What is a Device and Why is the RMA Different?
What we mean by a device is typically anything with a smart chip, some firmware or software, and the ability to communicate over the Internet. Devices are typically covered by warranties and the RMA process is primarily executed when some part or all the device stops working. This is as opposed to something like clothing, in which RMAs are typically executed for an unliked or defective item. The RMA process for devices is inherently more complex and includes data collection, warranty eligibility verification, cross-shipping of devices, and troubleshooting and repairing of returned devices.
6 Best Practices for the Device RMA Process
An effective device RMA process can improve the reputation of your company and keep your customers up and running when your devices are being used in important applications. With the right process in place, you will be ready when inevitable defects and returns occur, so your customers can be served quickly and cost-effectively. Here are some of the best practices that can be put in place to create an efficient device RMA process:
1. RMAs Should Be Integrated to Customer Systems
If you transact the rest of your business online, then you or your customer should be able to initiate an RMA online also. At a minimum, a good RMA process will include a platform that you or your customer can use to initiate an RMA. In the best case, your RMA process should be directly integrated into the systems and processes you already use. If you use Salesforce Service, for instance, you should be able to generate an RMA request from that application. Once the process has started, RMA updates should flow back to your system also.
2. Make the RMA Simple to Track
It must be an easy task for your and your customers to log and track the return requests. It is always good to keep the customer informed at each stage of the process. This makes the entire process clear, easy to track, and provides the customer with confidence in the process.
Since most devices have serial numbers, your RMA process should use them. By also capturing accurate address information directly from a CRM, your RMA system should generate shipping labels and schedule a pickup of the device from the customer’s site. Efficiencies such as these eliminates time and possible errors that manual RMA processes routinely incur.
3. Priority Returns Need Cross-Shipping
When customers deploy your devices into mission-critical applications, they usually expect limited or no downtime when an RMA is being processed. This requires cross-shipping of a working device to the customer site to replace the RMA’d unit before it is shipped back. This may seem simple, but to execute this process well some important things need to happen: 1) the customer site information needs to be accurate; 2) return labels need to be included outbound, and 3) the RMA’d device should be able to fit in the box being used to ship the replacement unit. That requires accurate information about the field unit to get it right!
4. Return Reasons Must Be Validated
Your customers may have any number of reasons for returning a device. It may be a hardware issue, software issue, or it may be damaged from weather or third parties. However, as is often the case with complicated devices, the customer’s rationale for returning the device often does not match the actual condition of the device upon return. When the device arrives at the return center, workers must examine and boot the device to verify the return reason matches the actual issue. In best practices, both return reasons are logged for future reviews of the RMA process.
5. Allow Manual Intervention
Automation is great and most parts of an RMA process can be automated, but without human oversight at important steps in the process. It is easy to get the process out of control. Certain RMA processes allow the end-customer to initiate urgent returns without approval of the manufacturer. These kinds of returns require oversite during the process, if possible, and certainly after the process to make certain that the returns were truly needed. Inventory in the RMA system and in the warehouse can get off count quickly. Best practices require regular human inventory counts to look for discrepancies.
6. Proactively Await the Returned Product
Once a notification of a returned device or devices is in process, best practices have the return team preparing for the returned device(s) before arrival. This may include verifying parts inventory of known replacement parts, or for large returns, preparing space and time to process the returns en masse. If the devices include RFID tags or scannable marks, those IDs should be fed to the receiving system before they arrive to streamline the process and avoid exception handling.
Download our Device Return Materials Authorization Process Infographic Here.
Need a Partner to Help?
Finding the answer to RMA management can seem daunting, but Montra is here to help. With our VIA DX Device Logistics software, you can automatically track and manage your devices from fulfillment to field repairs, to RMAs and warranty tracking. Talk to us today to learn how this invaluable tool and the team that backs it can help your business optimize and streamline the way you handle all the lifecycle processes for your devices.
Too many systems, too many self-service portals. How many times a month are you or your employees being asked to update information in one of your systems – addresses, phone numbers, personal emails, bank information, emergency contacts – who has time to update all the systems everywhere.
Just think about it:
So, every time an employee does work for a new customer, or moves, or changes job title, then they would need to update every system that tracks that. Most people don’t even know what systems hold their info, much less have the time to make changes. And with more dynamic information like where they are working for the day or are the currently online, keeping multiple systems up-to-date completely breaks down.
Why do we have this problem?
The problem is that there isn’t really a system of record for employee information in most companies. Instead, there are many systems of record. What most companies have today typically looks like the following:
3 Functions an Employee Information Systems Provides
What companies really need is a centralized repository of employee information with three primary functions:
1. Employee Self-Service: Allow employees to update their own information easily and reliably
2. Secure Employee Directory: A great benefit of having reliable employee information, is that the information can then be shared internally. That said, there is far more information in the HRIS than should be published for all employees. A good employee information manager needs to have privacy settings that allow the proper handling of employee data.
3. APIs Everywhere: If the Employee Information System is going to stay valuable, it needs to have APIs to as many systems the affect employees as possible. This list can be long but should include the HRIS, Email, Slack/Teams, Phone Systems, Device Managers, Finance, CRM, and Employee Notification Systems.
It cannot be understated how important having accurate employee information available to all people and systems within a company is – especially as we move into a continually hybrid working work. Great companies will stop treating employee knowledge as tribal information exchanged between employees close to one another and will instead treat employee info the way they treat customer info – as strategic corporate asset to be treated with care and importance it should have.
Want to learn more about managing your employee information better? Contact us and we can tell you about the software and services Montra provides to get you on your own journey to great Employee Information Management. sales@montra.io
3. Keep Updates – Up to Date
While software updates often introduce new or enhanced features into your apps, programs, and systems, they also install security and performance fixes known as patches. Undiscovered defects or flaws can leave your systems exposed. Cybercriminals will exploit any vulnerability or security gap they find. Keeping your systems updated is vital for keeping your business cyber-ready.
Failure to Patch systems results in a breach. Of the companies who reported that their business experienced one or more data breaches in the past year, 57% confirmed that these breaches probably occurred because a patch was available for a known vulnerability but not applied.
Why are Security Patches Important? Security patches address known vulnerabilities within software systems. Once these flaws or weaknesses become known, cybercriminals begin looking for ways to exploit them. The sooner a security patch is installed, the faster your business can restore protection and security against threats associated with vulnerabilities. Below are the five effective elements for applying security patches:
1. Automate. With an automated system, analyzing and deploying patches can be as easy and provide significant time savings.
2. Plan your approach. Group systems by department, location, etc. to better handle your environment and more productively manage patches.
3. Test patches. Don’t just push out patches before testing them. All patches should be thoroughly lab-tested.
4. Know the configurations. Make sure you synchronize and validate your development, test, and development patch configuration settings.
5. Maintain patch levels. Be proactive and schedule scans on a daily or weekly basis to analyze the environment and deploy all critical patches.
Learn more about system updates and patches with our infographic, or contact Montra to see how we can automate and optimize your system patching process. sales@montra.io
4. Enforce Multi-factor Authentication (MFA)
Threat of cyberattack has never been greater. According to the Verizon Data Breach Investigations Report, nearly 80% percent of all data breaches are due to lost, weak, or stolen passwords. And a recent study by Omdia/Ovum, 76% of employees report experiencing regular password problems. Verifying user identity and managing access to your business data has never been more important.
One-level security or single-factor authentication is no longer enough. Even the strongest passwords are vulnerable to theft or exposure. Requiring more than one method to authenticate user identity or access permissions can reduce or eliminate the risk of stolen or unauthorized credentials being utilized.
Using Multi-factor Authentication (MFA) makes gaining access to resources more secure and less vulnerable to credential theft. MFA provides enhanced security to identity management by requiring two or more forms of authentication. Mobile devices which support push notifications or texts, can be used for one-time passcodes, or third-party authenticator applications such as Google Authenticator or Microsoft Authenticator can be used to generate one-time passcodes also.
MFA must be implemented to meet the security requirements to achieve and prove compliance for most regulatory bodies such as HIPAA, PCI DSS, GDPR, NAIC, NIST CSF, CMMC, ISO 27001, CCPA, NY SHIELD Act, GBLA, SOX and more.
Get cyber-ready by setting up all your accounts with MFA today. Download our infographic for more information on MFA and password hygiene. If you want to understand how Montra can help you set up all your accounts, contact us at sales@montra.io.
Is your business ready to handle a targeted cyber-attack? Maybe you have been attacked and don’t even know it. According to the the 2020 Thales Data Threat Report, 49% of US companies have already experienced a data breach. To help you become more proactive and effective at defending against cyber threats, we are discussing 12 Cyber Readiness Strategies over the next few blogs.
1. Have a Cyber Readiness Plan
It may seem obvious, but to properly address all of the cyber-security threats to your organization, you first need to have a plan – specifically a Cyber Readiness Plan. Your ability to quickly and cost-effectively overcome security threats or breaches determines your business’s success and survival. How you handle and protect your data is central to your business’s security and customers, employees, and partners’ privacy expectations. You need a cyber readiness plan that includes prevention, continuity, and recovery strategies. The Federal Communications Commission provides an excellent planning guide that identifies six critical areas of cybersecurity for companies to address:
1. Privacy and Data Security
2. Scams and Fraud
3. Network Security
4. Email
5. Website Security
6. Mobile Devices
Download the associated cheat sheet as an easy outline to understand each of these areas to help you quickly navigate these best practices and assess your readiness.
2. Establish Strict Policies and Procedures
Cybersecurity policies and procedures help guide secure business operations and are essential for defining the standards of business conduct, system controls, employee awareness, and workplace definitions and expectations. While establishing strict, security-focused protocols is crucial, a system of validation and enforcement is equally important. In fact, all major cybersecurity and privacy frameworks, such as NIST CSF, ISO 27001, HIPAA, and PCI DSS, all require periodic auditing or continuous monitoring to make certain that policies are properly put into operation.
To help you start building your cybersecurity policy and procedure library, we have provided a few policy templates to start. Click to download 12 IT policy templates that are critical to any IT operation.
In the third of our four-part series on trends for 2022, we are looking at device management trends. When we talk about devices we mean any physical asset that a person uses to connect to a network of information sources.
Devices are proliferating, getting cheaper, and becoming more diverse, while our use of devices is expanding in frequency, location, and types of use. Whether we are talking about end-user devices or unattended ones, devices are front and center in the IT discussion and will be for 2022.
With that in mind, the following are our trends for device management and security in 2022:
1. Cyber-Attacks on Devices Will Get Bigger and Quieter
With all the device proliferation, it’s no wonder that devices and the people that use them are now the frontline for security threats. The cloud and the systems and services that reside there are getting increasingly hardened against cyber attacks. Companies are continuing to shrink their private data centers while also getting better at securing them. This leaves devices – whether it’s an end-user device or an unattended one – as the current soft targets for cyber-criminals.
In 2022, we will see more attacks of the sophisticated variety in which devices are compromised quietly until enough devices have been coopted that they can be used together in a coordinated attack. Unattended devices at the edge of the network are particularly vulnerable to this type of attack and are likely to be used in a number edge swarm attacks.
2. Remote Management Wars Will Escalate
Everyone wants to manage user devices – the hardware companies, the OS companies, the device owners, the app vendors, and telecom service providers. They all have legitimate business and technical reasons, usually centered around better device uptime, better service availability and device and data security. There is already a turf war for client software that needs to run on each device or gateway software that aggregates information on lower-end devices. It only makes sense for a very few remote management apps to be running on the device, and in 2022, the battle for that precious real estate will escalate. Corporations will increasingly need to turn to neutral third parties to help them understand how they navigate this battle for their devices. Many companies have opted for either no remote monitoring and management or defaulted to the hardware or security vendor. As the remote worker norm sets in, companies will need to make better-informed decisions about remote device management to make certain their uptime and security goals are maintained while also keeping employee productivity high and support costs minimal.
3. Device-Cloud Will Kill Client-Server. Sort of.
“The future is already here – it’s just not evenly distributed.” William Gibson said that 18 years ago, but it applies to this world of device-cloud and client-server today. Client-server is the computing architecture that replaced mainframe and is basically a PC connecting to a local network on which there is a server (“a big PC”) that runs an application for many people to use simultaneously. That started in the 1980s and the mainframe business has been declared dead every year since. The mainframe market is still alive and kicking, but it ain’t what it used to be. And while many of us work for companies that still have some application that runs on a server, there is not one startup in the past 10 years that have reached unicorn status with a client-server application architecture.
The replacement for client-server is device-cloud or just “the cloud”. It comes in many flavors but in this context, the device is a laptop, tablet, or smartphone, and the cloud is a SaaS application or “serverless” or “native” cloud application.
There is not one enterprise software startup that will emerge in 2022 that builds their application on anything other than pure device-cloud architecture. In addition, the remote worker norm pushed client-server even closer to the grave because client-server does not perform well with large-scale remote users. The security layers that need to sit in front of client-server solutions to serve remote users create cost and performance issues. So, 2022 will be a watershed year in the corporate move away from client-server architectures, and we will find more than 80% of the screen-time of a typical user is on device-cloud apps.
4. The PC CPU War Will Move to the Front Page
The PC CPU ware has already begun, but only industry insiders have really cared. Anyone who has purchased a MacBook in the past 18 months knows about the M1 CPU and knows why it matters. The latest Macs no longer use Intel CPUs – effectively ending their 15-year run. Instead, they use an ARM chip designed by Apple and built by TSMC. The performance is incredibly fast and for Apple, there is no going back. The way ARM chips are designed and built is fundamentally different than the way traditional CPUs are built. The net of it is that large technology companies like Apple, Lenovo, Microsoft, Google, and others can design their own ARM chips and have them built by lower-cost chip manufacturers than Intel.
The ARM race has been going for a while, but in 2022 it will explode onto the front page. Apple will expand its ARM strategy, but what will make this truly mainstream is that one of the major PC vendors will launch their first ARM-based laptops. When people experience the speed difference and the faster innovation cycles for new chip designs, it will make CPUs a watercooler topic for the first time in 20 years.
5. Secure Remote Erasure of Devices Will Become a Thing
Today devices can be locked and erased remotely. This is mostly executed by companies when a remote worker has left their company and the company wants to secure the device as quickly as possible. Separately, the same devices or other devices will be shipped back to a common location, where they are erased using highly secure erasure techniques recommended by the Department of Defense (DoD 5220.22-M) or the National Institute of Standards and Technology (NIST Special Publication 800-88).
As more companies increasingly treat remote work as the norm rather than the exception, these workflows will need to merge. In 2022, more and more companies will begin to require remote secure erasure processes. This will allow companies to protect the corporate data that is stored on the remote devices, and either never retrieve the device or allow the device to ship directly to an ITAD service – saving time and money.
What are you thinking about device management and security in 2022? What are your big concerns for the upcoming year? Let us know what you think at info@montra.io.