Chief Digital Officer (CDO) now is needed to leverage digital strategy
Chief Digital Officer’s (CDO) time is now. CIOs understand that digital is central to their business and career success. World Class CIOs are focusing on the digital footprint of their customers, products, and competitors. New competitive advantages will be based on digital operations and insights.
Digital business promises to converge people, business, and things and will disrupt existing business models. While 75% of all CIOs and business executives say their company has a digital strategy, only 15% believe that their company has the skills and capabilities to execute on that strategy. A piecemeal strategy of bolting on digital channels or methods is no longer sufficient.
The CDO is not only a digital expert, but also a seasoned general manager
The requirement for ‘powerful digital leadership’ to drive strategy and execution is a necessity. But how many leaders really have experience in this? Is this learning on the go, or is it about having a CDO and team that has a totally digital focus?
Is there an ideal way to navigate through this journey and also connect better with industries and companies? The CIO and CDO are in excellent positions to help the enterprise decide which approach(es) it should take to manage total digitization.
HIPAA Omnibus Update
The HIPAA Omnibus Update rules contain a number of changes to HIPAA Privacy, Security, and Breach Notification rules. Recently patient rights under HIPAA have been expanded to include several new rights of access: mental health records, electronic copies of records and laboratory test results. These changes must be respected by every covered entity and business associate to stay in compliance with the HIPAA rules through modifications to policies and procedures.
Not only the compliance rules but also the enforcement rules have changed. Under the new four-tier violation schedule, the mandatory fines for willful neglect of compliance start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000.
Computer Science and IT Job Market Improve in September
The IT job market improved in September as 13,200 new IT jobs were added. For 2014 there have been 69,000 jobs added.
IT Job Market – Recent data from the BLS that was analyzed by Janco shows that the job market has improved slightly. That was the plus side. On a negative note there were over 70,000 computer science majors that graduated from US universities but only 69,000 IT jobs were added during the same period.
Given we are at the end of a several year contraction of the job market, it is not a good sign that there are so many entry level IT and computer science professionals.
Companies are cutting back on security spending as attacks are on the rise
Companies report that cyber-security attacks are on the rise, up 48% in 2013, but spending on information security was down by 4% during the same period. Small companies have been cutting their security budgets according to the latest Global State of Information Security Survey.
This is the first drop in security spending in four years. Security spending in small companies (less than $100 million in revenue) fell by 20%, while at medium and large businesses it increased 5%.
Regardless of company size, security spending as a percentage of total IT budget has leveled off at 3.8% and shows no signs of increasing.
Recent high-profile hacker attacks on large and small corporations have highlighted their vulnerabilities. According to industry experts, in 2013 the number of reported security incidents increased 48% to 42.8 million, the equivalent of almost 120,000 attacks a day. The average cost of managing and mitigating breaches is now $2.7 million per incident.
At the same time, the average information security budget declined this year to $4.1 million, from $4.3 million in 2013.
ISO 31000 Compliance – Risk Management
Cloud processing and outsourcing add external risks to a business’ operation. The International Standards Organization (ISO) has implemented a new standard for risk management which needs to be considered when embarking on a cloud processing and/or outsourcing initiative.
ISO 31000 provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
ISO 31000 cannot be used for certification purposes, but it does provide guidance for internal or external audit programs. Organizations using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.
A risk management policy should include the following sections:
- Risk management and internal control objectives
- Statement of the attitude of the organization to risk
- Description of the risk aware culture or control environment
- Level and nature of risk that is acceptable
- Risk management organization including policies and procedures
- Details of procedures for risk recognition and ranking
- List of documentation for analyzing and reporting risk
- Risk mitigation requirements and control mechanisms
- Allocation of risk management roles and responsibilities
- Risk management training topics and priorities
- Criteria for monitoring and benchmarking of risks
- Allocation of appropriate resources to risk management
- Risk activities and risk priorities for the coming year
Top 10 questions an interviewee should ask
Top 10 questions that should be asked before you accept a job offer from a new employer are:
- How will this position change after I’ve been here a while?
- If this is not a new position, where has the prior person gone? Did they get promoted or leave? How stable is the group that I am being hired for?
- How will you use my skills if the activity I am being hired for is stalled or something unexpected arises?
- What is the career path for this position? — to jobs with more responsibility? Management posts? Positions that require specific technical expertise?
- What is the project/product road-map for the next one to three years?
- What kind of training and support for ongoing education does the organization offer?
- Is there an open door policy to communicate with upper management levels within the organization?
- How will my role contribute to the overall mission of the company?
- What outcomes will you use to measure those contributions? What metrics will be in place to measure personal and team performance?
- Will I have opportunities to work directly with the line organization outside of my group?
Cloud Technology Impacts Outsourcing
What makes cloud computing different from this “ordinary” system of computing is that the cloud functions as a collective computer that exists in the virtual world. The cloud uses resources and information from computers and servers, running these applications independently and making the specific hardware less important to how the applications work.
Janco Associates has just updated its CIO IT Infrastructure Policy Bundle. This is part of Janco’s continuing effort to create a set of standard ‘Best Practices’ procedures that CIOs can implement to meet the challenges they face as they adjust to the new ways that technology is being used. Included is a new policy, “Outsourcing and Cloud Based File Sharing”.
The Outsourcing and Cloud Based File Sharing Policy defines everything that is needed for the data and/or application of a function, department, or area to be outsourced or file shared via the cloud.
The policy template is ready to use and is easily modified to meet the unique requirements of your company.
The policy comes as a Microsoft Word document that can be customized as needed.
The template has been updated to include an ISO audit program definition and electronic form. The policy template includes:
- Outsourcing Management Standard
- Service Level Agreement
- Cloud Based File Sharing
- Outsourcing Policy
- Approval Standard
- Base Case
Note: See the Practical Guide for Outsourcing, a template of over 110 pages, for a more extensive outsourcing process that includes a sample contract with a sample service level agreement.
10 action steps to create a regulatory compliant acceptable use policy
These 10 actions for an acceptable use policy were extracted from Janco’s Electronic Communication Policy Template.
- Enterprises are to create a policy that conforms to all mandates with regard to electronic communication and information storage, backup and retrieval
- All employees, contractors and associates of the enterprise will conform to the enterprise communication policy
- Formal programs to train all employees, contractors and associates will be available at frequent intervals
- The content of what is written, transmitted and saved will be reviewed to control enterprise risk
- All electronic data will be protected with an eye towards productivity and prevention of lawsuits
- Personal use of devices will be managed to minimize the leakage of data outside of the protection of the enterprise’s control.
- The enterprise has and will use its rights to monitor all forms of electronic communication
- Everyone is to assume there is no right to privacy
- Hardware and software tools are to be used to protect all access points to enterprise sensitive, confidential and personal data
- An annual review of the acceptable use policy is to be included in all operational budgets and plans
Top 10 Manager Best Practices
Top 10 Manager Best Practices – In order to be a successful manager and supervisor, there are some core best practices to follow. They are:
- Greet each of your employees by name every day.
- Be positive and smile.
- Use an employee’s name when you speak with them.
- Acknowledge employment anniversaries every year and birthdays.
- At the end of the day, ask at least one employee what went well for them that day.
- Compliment employees for good work.
- Ask employees for feedback.
- Show employees how much you respect them by sharing key organizational measurements with them on a regular basis.
- Share messages of praise from customers, suppliers, managers and other employees.
- When you implement a suggestion made by an employee, make sure to let their colleagues and your managers know where the great idea came from.
- Information Technology Salary Survey – Janco collects IT salary and benefit data on a continual basis and publishes that data twice a year. Once in January and a second time in June.
Top 10 backup mistakes made by IT groups
The top 10 backup mistakes made by CIOs and IT groups have been identified by several groups. This is the list as verified by Janco Associates, Inc. (www.e-janco.com). Janco has found that many CIOs, IT managers, and users appreciate the complexity of the issue only when a backup is needed and is then found to be lacking or missing.
- Backing up only desktops and ignoring laptops, tablets, smartphones and other mobile devices
- Thinking that all that matters are mainframe or data center databases
- Not understanding the differences in various deduplication solutions
- Not understanding what impact the backup processes have on users
- Not having a good grasp of the security implications due to disparate backup files
- Focusing only on what is needed today and ignoring future ramifications
- Not having a robust deployment solution defined
- Not understanding the total cost of ownership for a solution or lack of a complete backup and security solution
- Ignoring BYOD implications and complications
- Not understanding the implications of the backup solution for disaster recovery and business continuity
Top 10 Project Manager Challenges
Top 10 Project Manager Challenges have been identified in a survey that was conducted by Janco Associates. One of the more interesting findings was the fact that project managers are doing more things that do not relate to the projects they are on and that is frustrating them.
The top 10 challenges that project managers face in order of importance are:
- Bureaucracy – admin overhead
- Overworked
- Understaffed
- Changes in specifications
- Changes coming too fast
- Scalability of applications
- Deadlines not agreed on
- Staff skills gaps
- Technology out of date
- Staff turnover
There are a number of full job descriptions for the various Project Manager positions in the HandiGuide that is published by Janco. These descriptions come in MS Word and PDF formats and are easily modified to meet specific organizational requirements. The top 10 project manager challenges are all addressed in those job descriptions.
Million Dollar CIO – Top 10 Characteristics
Million Dollar CIO club now includes at least 29 individuals. They all have the same characteristics.
- Title is CTO or CIO and includes a secondary title of Senior Vice President or Executive Vice President
- Have been a CIO at the company they are at now or at prior company for over 10 years
- Are managers of technology not pure technologists
- Have key direct reports who have moved along with them as they have progressed in their careers
- Have at least a college degree and most have an advanced degree
- Have excellent relationships with peers in functions they support
- Are enablers for technology within the enterprise
- Participate in the executive management of the enterprise
- Are part of the strategic planning process for the enterprise
- Have specific technology goals that are aligned with the enterprise’s strategic plan
10 Best Practices to Staff – Hire and Retain World Class Creative IT Professionals
10 Best Practices – Janco Associates has found the top ten best practices that CIOs need to implement if they want to hire and retain World Class Creative IT professionals.
- Focus on the identification, nurturing and growing of highly talented people
- Actively manage collaboration among the talent pool
- Have clearly defined job requirements – The Internet and IT Job Descriptions HandiGuide is a must have document.
- Recruit from the places that turn out the top talent
- Avoid the trap of hiring the best available resource today if they do not meet all of your requirements
- Have core metrics in place to measure performance
- Cull your mistakes quickly
- If you allow your most talented people free rein to innovate, don’t stigmatize failure
- Have staff work only on “core activities” related to the requirements of the job
- Get support staff to do the non-core activities
A recent joint advisory on companies’ disaster recovery plans, issued by the US Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and the Commodity Futures Trading Commission’s (CFTC) Division of Swap Dealer and Intermediary Oversight, recommended, among other things, that “firms should consider keeping their business continuity plans, contact lists and other necessary documents, procedures and manuals at the alternative site, ideally in paper form in the event that electronic files cannot be accessed.”
“How important are paper-based business continuity plans?”
With more than 100 responses received, the results show that 54.4 percent of respondents believe that paper based disaster recovery plans are essential; 26.6 percent say that they are ‘quite important’; and 19.0 percent say that they are ‘not important’.
There is some variation of opinion depending on the size of the respondent’s organization. 54.5 percent of business continuity professionals in large organizations see paper-based BCPs as essential; this drops to 46.2 percent in medium-sized organizations and 50 percent in small organizations. However, 71.4 percent of those in micro organizations say that paper-based BCPs are essential.
How do you balance the disaster recovery plan risk and investment equation? Is the potential risk greater than the investment? Some facts:
- 43% of companies experiencing disasters never reopen, and 29% close within two years.
- 93% of businesses that lost their data center for 10 days went bankrupt within one year.
- 40% of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours.
CIOs and Business Continuity Managers should plan for all situations in which normal operations are disrupted and have practices and technologies in place that enable them to deal with potential disruption from hostile, external actions as well as internal system failures.
IT Budget Requests for 2015 are up
CIOs are presenting IT budget requests for 2015. Small to mid-sized businesses with fewer than 250 employees are making the biggest budget increase requests, while companies with 250 to 999 employees show a decline. Janco Associates surveys continue to show that hiring remains largely flat, with the bulk of the increased budget going to new end-user hardware purchases and, to a lesser extent, new cloud-based and hosted IT services.
CIOs and HR managers are challenged with many issues. Janco Associates, in its interviews with CIOs and corporate executives, has identified the top 10 management staffing issues they need to address as we come out of the recession. The top 10 issues are: