ISO 31000 Compliance – Risk Management
Cloud processing and outsourcing add external risks to a business’ operation. The International Standards Organization (ISO) has implemented a new standard for risk management which needs to be considered when embarking on a cloud processing and/or outsourcing initiative.
ISO 31000 provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
ISO 31000 cannot be used for certification purposes, but it does provide guidance for internal or external audit programs. Organizations using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.
A risk management policy should include the following sections:
- Risk management and internal control objectives
- Statement of the attitude of the organization to risk
- Description of the risk aware culture or control environment
- Level and nature of risk that is acceptable
- Risk management organization including policies and procedures
- Details of procedures for risk recognition and ranking
- List of documentation for analyzing and reporting risk
- Risk mitigation requirements and control mechanisms
- Allocation of risk management roles and responsibilities
- Risk management training topics and priorities
- Criteria for monitoring and benchmarking of risks
- Allocation of appropriate resources to risk management
- Risk activities and risk priorities for the coming year
Top 10 questions an interviewee should ask
Top 10 questions that should be asked before you accept a job offer from a new employer are:
- How will this position change after I’ve been here a while?
- If this is not a new position, where has the prior person gone? Did they get promoted or leave? How stable is the group that I am being hired for?
- How will you use my skills if the activity I am being hired for is stalled or something unexpected arises?
- What is the career path for this position? — to jobs with more responsibility? Management posts? Positions that require specific technical expertise?
- What is the project/product road-map for the next one to three years?
- What kind of training and support for ongoing education does the organization offer?
- Is there an open door policy to communicate with upper management levels within the organization?
- How will my role contribute to the overall mission of the company?
- What outcomes will you use to measure those contributions? What metrics will be in place to measure personal and team performance?
- Will I have opportunities to work directly with the line organization outside of my group?
Cloud Technology Impacts Outsourcing
What makes cloud computing different from this “ordinary” system of computing is that the cloud functions as a collective computer that exists in the virtual world. The cloud uses resources and information from computers and servers, running these applications independently and making the specific hardware less important to how the applications work.
Janco Associates has just updated its CIO IT Infrastructure Policy Bundle. This is part of Janco’s continuing effort to create a set of standard ‘Best Practices’ procedures that CIOs can implement to meet the challenges they face as they adjust to the new ways that technology is being used. Included is a new policy “Outsourcing and Cloud Based File Sharing“.
The Outsourcing and Cloud Based File Sharing Policy defines everything that is needed for the data and/or application of a function, department, or area to be outsourced or file shared via the cloud.
The policy template is ready to use and is easily modified to meet the unique requirements of your company.
The policy comes as a Microsoft Word document that can be customized as needed.
The template has been updated to include an ISO audit program definition and electronic form. The policy template includes:
- Outsourcing Management Standard
- Service Level Agreement
- Cloud Based File Sharing
- Outsourcing Policy
- Approval Standard
- Base Case
Note: See the Practical Guide for Outsourcing, a template of over 110 pages, for a more extensive outsourcing process that includes a sample contract with a sample service level agreement.
10 action steps to create a regulatory compliant acceptable use policy
These 10 actions for an acceptable use policy were extracted from Janco’s Electronic Communication Policy Template
- Enterprises create a policy to conform to all mandates with regard to electronic communication and information storage, backup and retrieval
- All employees, contractors and associates of the enterprise will conform to the enterprise communication policy
- Formal programs to train all employees, contractors and associates will be available at frequent intervals
- The content of what is written, transmitted and saved will be reviewed to control enterprise risk
- All electronic data will be protected with an eye towards productivity and prevention of lawsuits
- Personal use of devices will be managed to minimize the leakage of data outside of the protection of the enterprise’s control.
- The enterprise has and will use its rights to monitor all forms of electronic communication
- Everyone is to assume there is no right to privacy
- Hardware and software tools are to be used to protect all access points to enterprise sensitive, confidential and personal data
- An annual review of the acceptable use policy is to be included in all operational budgets and plans
Top 10 Manager Best Practices
Top 10 Manager Best Practices – In order to be a successful manager and supervisor there are some core best practices that must be followed. These are:
- Greet each of your employees by name every day.
- Be positive and smile.
- Use an employee’s name when you speak with them.
- Acknowledge employment anniversaries every year and birthdays.
- At the end of the day, ask at least one employee what went well for them that day.
- Compliment employees for good work.
- Ask employees for feedback.
- Show employees how much you respect them by sharing key organizational measurements with them on a regular basis.
- Share messages of praise from customers, suppliers, managers and other employees.
- When you implement a suggestion made by an employee, make sure to let their colleagues and your managers know where the great idea came from.
- Information Technology Salary Survey – Janco collects IT salary and benefit data on a continual basis and publishes that data twice a year. Once in January and a second time in June.
Top 10 backup mistakes made by IT groups
The top 10 backup mistakes made by CIOs and IT groups have been identified by several groups. This is the list as verified by Janco Associates, Inc. (www.e-janco.com). Janco has found that many CIOs, IT Managers, and users appreciate the complexity of the issue only when a backup is needed and is then found to be lacking or missing.
- Backing up only desktops and ignoring laptops, tablets, smartphones and other mobile devices
- Thinking that all that matters are mainframe or data center data bases
- Not understanding the differences in various deduplication solutions
- Not understanding what impact the backup processes have on users
- Not having a good grasp of the security implications due to disparate backup files
- Focusing only on what is needed today and ignoring future ramifications
- Not having a robust deployment solution defined
- Understanding the total cost of ownership for a solution or lack of a complete backup and security solution
- Ignoring BYOD implications and complications
- Not understanding the implications of the backup solution for disaster recovery and business continuity
Top 10 Project Manager Challenges
Top 10 Project Manager Challenges have been identified in a survey that was conducted by Janco Associates. One of the more interesting findings was the fact that project managers are doing more things that do not relate to the projects they are on and that is frustrating them.
The top 10 challenges that project managers face in order of importance are:
- Bureaucracy – admin overhead
- Over worked
- Under staffed
- Changes in specifications
- Changes coming too fast
- Scalability of applications
- Deadlines not agreed on
- Staff skills gaps
- Technology out of date
- Staff turnover
There are a number of full job descriptions for the various Project Manager positions in the HandiGuide that is published by Janco. These descriptions come in MS Word and PDF formats and are easily modified to meet specific organizational requirements. The top 10 project manager challenges are all addressed in those job descriptions.
Million Dollar CIO – Top 10 Characteristics
Million Dollar CIO club now includes at least 29 individuals. They all have the same characteristics.
- Title is CTO or CIO and includes a secondary title of Senior Vice President or Executive Vice President
- Have been a CIO at the company they are at now or at prior company for over 10 years
- Are managers of technology not pure technologists
- Have key direct reports who have moved along with them as they have progressed in their careers
- Have at least a college degree and most have an advanced degree
- Have excellent relationships with peers in functions they support
- Are enablers for technology within the enterprise
- Participate in the executive management of the enterprise
- Are part of the strategic planning process for the enterprise
- Have specific technology goals that are aligned with the enterprise’s strategic plan
10 Best Practices to Staff – Hire and Retain World Class Creative IT Professionals
10 Best Practices – Janco Associates has found the top ten best practices that CIOs need to implement if they want to hire and retain World Class Creative IT professionals.
- Focus on the identification, nurturing and growing of highly talented people
- Actively manage collaboration among the talent pool
- Have clearly defined job requirements – The Internet and IT Job Descriptions HandiGuide is a must have document.
- Recruit from the places that turn out the top talent
- Avoid the trap of hiring the best available resource today if they do not meet all of your requirements
- Have core metrics in place to measure performance
- Cull your mistakes quickly
- If you allow your most talented people free rein to innovate, don’t stigmatize failure
- Have staff work only on “core activities” related to the requirements of the job
- Get support staff to do the non-core activities
In a recent joint advisory on companies’ disaster recovery plans issued by the US Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and the Commodity Futures Trading Commission’s (CFTC) Division of Swap Dealer and Intermediary Oversight, it was recommended, among other things, that “firms should consider keeping their business continuity plans, contact lists and other necessary documents, procedures and manuals at the alternative site, ideally in paper form in the event that electronic files cannot be accessed.”
“How important are paper-based business continuity plans?”
With more than 100 responses received, the results show that 54.4 percent of respondents believe that paper based disaster recovery plans are essential; 26.6 percent say that they are ‘quite important’; and 19.0 percent say that they are ‘not important’.
There is some variation of opinion depending on the size of the respondent’s organization. 54.5 percent of business continuity professionals in large organizations see paper-based BCPs as essential; this drops to 46.2 percent in medium-sized organizations and 50 percent in small organizations. However, 71.4 percent of those in micro organizations say that paper-based BCPs are essential.
How do you balance the disaster recovery plan risk and investment equation? Is the potential risk greater than the investment? Some facts:
- 43% of companies experiencing disasters never reopen, and 29% close within two years.
- 93% of businesses that lost their data center for 10 days went bankrupt within one year.
- 40% of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours.
CIOs and Business Continuity Managers should plan for all situations in which normal operations are disrupted and have practices and technologies in place that enable them to deal with potential disruption from hostile, external actions as well as internal system failures.
IT Budget Requests for 2015 are up
CIOs are presenting IT budget requests for 2015. Small to mid-sized businesses with fewer than 250 employees are making the biggest budget increase requests, while companies with 250 to 999 employees show a decline. Janco Associates surveys continue to show that hiring remains largely flat, with the bulk of the increased budget going to new end-user hardware purchases and, to a lesser extent, new cloud-based and hosted IT services.
CIOs and HR managers are challenged with many issues. Janco Associates, in its interviews with CIOs and corporate executives, has identified the top 10 management staffing issues they need to address as we come out of the recession. The top 10 issues are:
IT Job Market Growth Slows
IT Job Market growth has slowed. Year to date the number of net new jobs created is only 52,700. That is barely enough to cover the new IT professionals that graduated this June.
After the “surge” of 13,400 jobs added in April, the number of new IT jobs has remained at the 10,000 level.
That, when considered in light of the layoffs at major firms like HP, Microsoft and Dell, does not paint a very positive picture for IT job market growth.
From what we have seen on the east coast, I believe that IT job market growth will not improve until after the election and when all of the political uncertainty caused by all of the recent international events.
IT Job Descriptions
High Demand for Which IT jobs
CIOs and HR Managers are asking which IT jobs are in high demand. Janco found that:
- Android continues to dominate the development market while Apple iPhone and iPad job market is slow.
- STEM-related work skyrockets as startups embrace the Internet of Things, with hardware and software jobs seeing double-digit growth.
- Small businesses look to content marketing as Google’s algorithm updates significantly alter the SEO processes for companies of all sizes.
- Demand for 3D printing-related jobs has increased significantly.
- More small businesses are turning to freelancers for their finance, accounting, and corporate identity jobs.
- Facebook, Twitter, and YouTube marketing falter as algorithm updates and slow growth rates plague the social networks.
In an interview with the CEO of Janco Associates, Inc., the following questions were asked and answered.
Where are the fastest growing Internet jobs found?
The fastest growing internet jobs are in the San Francisco and Palo Alto area. That is where most of the new creative ideas are coming from.
What is the surprising trend in the tech sector?
The real surprise is how rapidly data driven HTML is taking hold. Hiring has been strong in this area for several months.
Where will the jobs be going forward?
Job growth will be in the conversion of legacy based web systems to take advantage of social media and responsive code.
How do Android developers and programmers fare compared to Apple iPhone and iPad?
Android is doing much better than iOS because of its open architecture and the lack of NEW advancements from Apple. Steve Jobs is sorely missed as Apple does not have an individual or group of individuals who have the same kind of vision as he did.
How do the layoffs at HP and Microsoft impact the IT job market?
The layoffs are a drag on the market, but only slightly. Both companies are legacy corporations and are going through the same stagnation that IBM did when the PC came out. The question of whether these companies will thrive in the new market is whether they can adapt. In the cases of HP and Microsoft, long-term growth will be based on what competitive advantage they can present.
In the near term, there will continue to be additional adverse impacts in metro areas (and countries) where there is a high reliance on jobs from both of those companies.
Why are these layoffs significant and what do they indicate about the tech sector overall?
These layoffs are significant in that they show that both of these companies are mature organizations that need to focus on productivity and new product development. However they both are at the point that companies like Polaroid and Xerox were when their markets had matured and competitive advancements made “record growth” almost impossible to succeed.
Most jobs are created by new smaller companies — i.e., Google and Facebook.
Why have 3D printing-related jobs increased?
That is a market that will grow over time, however the “killer” “must have” application of the technology has yet to be seen.
What skills and specialties are in demand now in the tech sector?
Data driven web application skills. Also the expansion of wifi security with the move to more mobile computing.
Which companies are better to work for and why? What perks do they offer?
The best companies to work for, if you can find them, are those that are implementing new apps utilizing social media and data. Brick and mortar corporations will continue to be stressed as operating costs increase and the focus is on reduced costs. Those companies will continue to merge with others, reduce the total number of jobs, and not be very innovative.
What jobs are available?
- Enterprise Architecture designers who understand how computing will be done in the future
- HTML developers who understand good GUI that is responsive to the device that is being utilized
- Project managers
- Programmer analysts with strong business backgrounds.
Top 10 Technology Lay Offs in 2014
Top 10 Technology Lay Offs in 2014 have been in major corporations. The lay offs have impacted 65,800 and are:
- Microsoft 18,000
- HP 18,000
- Siemens Unify 7,700
- SAP 6,000
- IBM 6,000
- Intel 5,000
- Dell 2,500
- Sprint 1,500
- NetApp 600
- Juniper Networks 500
These corporations continue to shed jobs as the IT market changes to be more focused on Cloud applications and user mobility. It is not clear that these organizations will continue to be industry leaders.
Notably absent from this list are companies like Facebook, Google, and Twitter. We feel these organizations will replace the old legacy organizations as industry leaders.
Top 10 indicators that you are about to be fired
Circumstances often make CIOs and IT Managers oblivious to the clues that they are about to be fired. These circumstances include:
- An improving economy
- A jam-packed schedule
- Total inward focus to the IT function
- A shift in the enterprise’s strategic direction that the IT group is reacting to
In these circumstances there are 10 warning signs that CIOs and IT managers need to be aware of, as they are the top 10 indicators that you are going to be fired or your position is going to be eliminated:
- You are excluded from important email and distribution lists
- You are asked to self-evaluate your performance
- You are given a list of things that you must do as they relate to your interpersonal and managerial skills
- Your access to key individuals becomes more difficult
- Your boss will not discuss long-term projects and budgets
- Rumors fly about organizational change that you are not aware of
- When you approach peers, they stop their conversations
- You are assigned a new direct manager who will guide you
- You are asked to justify your job functions
- Your supervisor suddenly assigns tasks directly to your employees
- Interview and Hiring Guide – The most important aspect of any business is recruiting, selecting, and retaining top people. Janco has compiled a guide with electronic forms which are centered on world class best practices developed and implemented by some of the most successful enterprises in the world. To get more information go to http://www.e-janco.com/Interview_Guide.html