Top 10 CIO concerns for the New Year
Top 10 CIO concerns – Janco Associates has just completed an informal survey of 75 CIOs and developed a list of the top 10 concerns they have, which will be their driving forces for the next several months.
- Innovation and competitive edge over others in the same market
- Meeting management’s IT Portfolio alignment needs
- Security and privacy while meeting records management requirements
- Operational adaptability of IT infrastructure
- Improved productivity
- Simplified SDM to more rapidly deploy IT products and services
- Impact of market and business changes
- Controls and compliance cost improvements
- Staffing of talent for the newest technology
- Ways to generate revenue with IT technology deployments
How to Guide for Cloud Processing and Outsourcing – ISO Compliant, Including ISO 31000
“How to Guide for Cloud Processing and Outsourcing provides EVERYTHING that is needed to select a vendor, enter into an agreement, and manage the relationship,” says a CIO of a Fortune 100 company.
10 steps to World Class IT portfolio management
IT Portfolio Management is key to the success of every CIO and IT organization. Janco Associates has found that world class CIOs follow these basic steps.
- Create an inventory of all business oriented applications
- Establish cost to run applications
- Collaborate with business units to determine value of applications
- Track investment costs and returns in concise reports that can easily be compared and contrasted.
- Identify the relationship between investment performance and business projections and objectives, across time.
- Develop annual ROI summary and review with business units
- Make specific business and technology recommendations to maintain a healthy balance within the portfolio.
- Adjust portfolio based on newly available data and technologies
- Make long term strategic recommendations and establish a baseline budget based on performance and established objectives
- Identify new investment opportunities that could fit into the established portfolio and the wider aims of the business
You can get all of Janco’s templates in its IT Management Suite. When you do that you save over $2,500 and when implemented your enterprise is positioned to have a “WORLD CLASS” Information Technology function. You will be in compliance with all mandated requirements including all US and International requirements.
Blog readers special limited time discount – 40% off
Discount – Readers of Janco Associates blog have an opportunity to save 40% on any product in Janco’s catalog. The requirements are that the order must be:
- Paid by credit card or check – see payment information
- Orders are placed on Janco’s shopping cart at
- Not available to resellers
- Completed by 12/31/2014
- Enter the discount code Blog14 when the order is placed
This is a limited time offer and may be removed at any time by Janco Associates, Inc.
IT Compensation up as CIOs turn on hiring spigot
IT Compensation up – Janco has just analyzed the latest Labor Department (BLS) data and, having interviewed almost 100 CIOs, finds that hiring of IT Pros is on the upswing.
The three-month moving average of the IT job market growth trend for IT Professionals is up for the first time in several months.
Data is as of July 2014.
- IT compensation for all IT Professionals has increased by 0.33% in the last 12 months.
- CIO compensation has stayed flat in larger companies and increased in smaller and mid-sized companies in the past 12 months. The mean compensation for CIOs in large enterprises is now $182,645 (up 0.24%) and $168,214 (an increase of 1.52%) in mid-sized enterprises.
- Positions in highest demand are all associated with quality control, BYOD implementation, and service level improvement.
- Over the long term IT executives have fared better in mid-sized companies than large companies.
- IT Job growth has slowed. In 2013 the IT job market grew by 36,500 (January through May) versus 32,200 in 2014 according to the Bureau of Labor Statistics (BLS); at the same time, not all of the IT jobs lost in the recession have been recovered.
- Lay-offs seem to have tapered off, however some companies continue to cut the size of the IT organizations.
- Cost control is still the rule of the day; however, we have seen an increase in the number of “part-timers” and contractors who are focused on particular critical projects. This has resulted in fewer IT Pros getting health coverage.
- On shore outsourcing has peaked and companies are looking to bring IT operations back into their direct control and reduce operating costs.
- Mandated requirements for records management systems and electronic medical records have increased the demand for quality control staff and custodians (librarians) of mechanized records.
- Companies are continuing to refine the benefits provided to full time IT professionals. Though benefits such as health care are available to 80%, IT professionals are now paying a greater portion of that cost.
Container Based Applications are the next big deal
The next major shift in the IT infrastructure market is here – container based applications. Virtualization 10 years ago, public cloud today, and now containers have each changed the way users interact with the Internet.
Containers are the next logical step beyond virtualization. Where virtualization slices a server up into many virtual machines, containers can run on top of a bare system to allow many applications to run autonomously. It’s an additional layer of abstraction that can make applications portable across public and private clouds. Containers basically wrap an application to make it portable.
Containers with platform and infrastructure may be a big deal. The change today is limited to new application development. We are a few years from existing applications being rebuilt for containers, or from enterprises moving well-running applications into smaller containers, but for new web-scale applications development, the future is containers.
- CIO IT Infrastructure Policy Bundle. All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy. Includes electronic Blog Compliance Agreement Form
- BYOD Policy Template. Includes electronic BYOD Access and Use Agreement Form
- Google Glass Policy Template. Includes electronic Google Glass Access and Use Agreement Form
- Incident Communication Plan Policy. Updated to include social networks as a communication path
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy. Includes 5 electronic forms to aid in the quick deployment of this policy
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing and Cloud Based File Sharing Policy
- Physical and Virtual Security Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy. HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy. Includes electronic form
- Telecommuting Policy. Includes 3 electronic forms to help to effectively manage work at home staff
- Text Messaging Sensitive and Confidential Information
- Travel and Off-Site Meeting Policy
- IT Infrastructure Electronic Forms
IT Job Families are being reviewed by many CIOs
IT Job Families – As the economy starts to turn around, CIOs are beginning to look at hiring more IT pros. In the process of doing that they are looking at the documentation they have for the positions that they need to fill. Many CIOs are finding that the existing job descriptions and “pay grades” are not where they should be.
To that end Janco has created a CIO HR and Staffing Management Kit which addresses the shortfalls in many CIOs’ HR infrastructure. The Kit contains:
- Over 260 full IT Job Descriptions which have recently been updated to meet all of the latest technological and mandated requirements
- IT Job Families Classification system which is focused at hiring, promotion planning, and compensation setting.
- Interview and Hiring Guide with tools to aid in creating a process which accelerates the recruiting and hiring of the right IT Professionals
- Latest IT Salary Survey with data from over 500 organizations in North America.
Chief Digital Officer (CDO) now is needed to leverage digital strategy
The Chief Digital Officer’s (CDO) time is now. CIOs understand that digital is central to their business and career success. World Class CIOs are focusing on the digital footprint of their customers, products, and competitors. New competitive advantages will be based on digital operations and insights.
Digital business promises to converge people, business, and things and will disrupt existing business models. While 75% of all CIOs and business executives say their company has a digital strategy, only 15% believe that their company has the skills and capabilities to execute on that strategy. A piecemeal strategy of bolting on digital channels or methods is no longer sufficient.
The CDO is not only a digital expert, but also a seasoned general manager
The requirement for ‘powerful digital leadership’ to drive strategy and execution is a necessity. But how many leaders really have experience in this? Is this learning on the go, or is it about having a CDO and team that has a totally digital focus?
Is there an ideal way to navigate through this journey and also connect better with industries and companies? The CIO and CDO are in excellent positions to help the enterprise decide which approach(es) it should take to manage total digitization.
HIPAA Omnibus Update
The HIPAA Omnibus Update rules contain a number of changes to the HIPAA Privacy, Security, and Breach Notification rules. Recently patient rights under HIPAA have been expanded to include several new rights of access: mental health records, electronic copies of records and laboratory test results. Every covered entity and business associate must reflect these changes in its policies and procedures to stay in compliance with the HIPAA rules.
Not only the compliance rules but also the enforcement rules have changed. Under the new four-tier violation schedule, the mandatory fines for willful neglect of compliance start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000.
Computer Science and IT Job Market Improve in September
IT job market improved in September as 13,200 new IT jobs were added. For 2014 there have been 69,000 jobs added.
IT Job Market – Recent data from the BLS that was analyzed by Janco shows that the job market has improved slightly. That was the plus side. On a negative note there were over 70,000 computer science majors that graduated from US universities but only 69,000 IT jobs were added during the same period.
Given we are at the end of a several year contraction of the job market, it is not a good sign that there are so many entry level IT and computer science professionals.
Companies are cutting back on security spending as attacks are on the rise
Companies report that cyber-security attacks are on the rise, up 48% in 2013, but spending on information security was down by 4% during the same period. Small companies have been cutting their security budgets according to the latest Global State of Information Security Survey.
This is the first drop in security spending in four years. Security spending in small companies (less than $100 million in revenue) fell by 20%, while at medium and large businesses it increased 5%.
Regardless of company size, security spending as a percentage of total IT budget has leveled off at 3.8% and shows no signs of increasing.
Recent high-profile hacker attacks on large and small corporations have highlighted their vulnerabilities. According to industry experts, in 2013 the number of reported security incidents increased 48% to 42.8 million, the equivalent of almost 120,000 attacks a day. The average cost of managing and mitigating breaches is now $2.7 million per incident.
At the same time, the average information security budget declined this year to $4.1 million, from $4.3 million in 2013.
ISO 31000 Compliance – Risk Management
Cloud processing and outsourcing add external risks to a business’ operation. The International Standards Organization (ISO) has implemented a new standard for risk management which needs to be considered when embarking on a cloud processing and/or outsourcing initiative.
ISO 31000 provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
ISO 31000 cannot be used for certification purposes, but it does provide guidance for internal or external audit programs. Organizations using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.
A risk management policy should include the following sections:
- Risk management and internal control objectives
- Statement of the attitude of the organization to risk
- Description of the risk aware culture or control environment
- Level and nature of risk that is acceptable
- Risk management organization including policies and procedures
- Details of procedures for risk recognition and ranking
- List of documentation for analyzing and reporting risk
- Risk mitigation requirements and control mechanisms
- Allocation of risk management roles and responsibilities
- Risk management training topics and priorities
- Criteria for monitoring and benchmarking of risks
- Allocation of appropriate resources to risk management
- Risk activities and risk priorities for the coming year
Top 10 questions an interviewee should ask
Top 10 questions that should be asked before you accept a job offer from a new employer are:
- How will this position change after I’ve been here a while?
- If this is not a new position, where has the prior person gone? Did they get promoted or leave? How stable is the group that I am being hired for?
- How will you use my skills if the activity I am being hired for is stalled or something unexpected arises?
- What is the career path for this position? — to jobs with more responsibility? Management posts? Positions that require specific technical expertise?
- What is the project/product road-map for the next one to three years?
- What kind of training and support for ongoing education does the organization offer?
- Is there an open door policy to communicate with upper management levels within the organization?
- How will my role contribute to the overall mission of the company?
- What outcomes will you use to measure those contributions? What metrics will be in place to measure personal and team performance?
- Will I have opportunities to work directly with the line organization outside of my group?
Cloud Technology Impacts Outsourcing
What makes cloud computing different from “ordinary” computing is that the cloud functions as a collective computer that exists in the virtual world. The cloud uses resources and information from many computers and servers, running applications independently of them and making the specific hardware less important to how the applications work.
Janco Associates has just updated its CIO IT Infrastructure Policy Bundle. This is part of Janco’s continuing effort to create a set of standard ‘Best Practices’ procedures that CIOs can implement to meet the challenges they face as they adjust to the new ways that technology is being used. Included is a new policy, “Outsourcing and Cloud Based File Sharing”.
The Outsourcing and Cloud Based File Sharing Policy defines everything that is needed for the data and/or application of a function, department, or area to be outsourced or file shared via the cloud.
The policy template is ready to use and is easily modified to meet the unique requirements of your company.
The policy comes as a Microsoft Word document that can be customized as needed.
The template has been updated to include an ISO audit program definition and electronic form. The policy template includes:
- Outsourcing Management Standard
- Service Level Agreement
- Cloud Based File Sharing
- Outsourcing Policy
- Approval Standard
- Base Case
Note: See the Practical Guide for Outsourcing, an over-110-page template, for a more extensive outsourcing process that includes a sample contract with a sample service level agreement.
10 action steps to create a regulatory compliant acceptable use policy
These 10 actions for an acceptable use policy were extracted from Janco’s Electronic Communication Policy Template.
- The enterprise creates the policy to conform to all mandates with regard to electronic communication and information storage, backup and retrieval
- All employees, contractors and associates of the enterprise will conform to the enterprise communication policy
- Formal programs to train all employees, contractors and associates will be available at frequent intervals
- The content of what is written, transmitted and saved will be reviewed to control enterprise risk
- All electronic data will be protected with an eye towards productivity and prevention of lawsuits
- Personal use of devices will be managed to minimize the leakage of data outside of the protection of the enterprise’s control.
- The enterprise has and will use its rights to monitor all forms of electronic communication
- Everyone is to assume there is no right to privacy
- Hardware and software tools are to be used to protect all access points to enterprise sensitive, confidential and personal data
- An annual review of the acceptable use policy is to be included in all operational budgets and plans