IT Management Template SuiteIT Management Template Suite

Special Offer
Save  $2,500 to $6,500

You can order the IT Management Template Suite which contains all of Janco's templates, white papers, policies, and procedures.   

We can process purchase orders as long as we have a copy of a purchase order or a letter on company stationary with the signature of an individual who is authorized to purchase items of this magnitude. 

There is a company license for each item which allows you to to place the product on your enterprise's INTRANET (not INTERNET) and they can be shared by groups/ divisions/data centers within a single Country / DUNS number.  

If you order the update service at the same time you will receive that service for 18 months for the cost of just 6 months.  That is a full extra year of service.

This is the best offer that we have ever made or will make on the FULL IT Management Template Suite.

IT Manager Management Tools

The products that are included in the IT Management Template Suite are:

  • Disaster Recovery Template
  • Security Manual Template
  • IT Salary Survey
  • IT Salary Survey 10 year comparative study
  • Functional Specification Template
  • Safety Program Template
  • IT Infrastructure, Strategy & Charter Template
  • IT Service Management Template
  • Practical Guide IT Outsourcing
  • Client Server Management HandiGuide
  • Internet & IT Position Descriptions HandiGuide
  • Metrics for the Internet & IT HandiGuide
  • Internet & PC Workstation Polices & Procedures
  • Business & IT Impact Questionnaire
  • Threat & Vulnerability Assessment Tool

CIO Management Tools

IT Salary Survey  IT Hiring IT Job Descriptions IT Salary Survey  Sarbanes Oxley Compliance Tool Kit  Information Technology Service Management ITSM - Change Control, Help Desk, and Service Request

Job Descriptions IT Salary Data Outsourcing Guidelines Outsource procedures IT Infrastructure, Strategy, & Charter Template safety Program Template

 

CIO Management Tools

 

 

 

CIO and CTO Management News



IT security - Often a Myth

IT Security polices for notebooks and desktops are typically managed by restricting the choices that users have by reducing the number options that are supported. This standards-based process ensures control by reducing flexibility. But try maintaining that system when users can buy a relatively cheap smartphone with as much power as a desktop had in the early 1990s.

Furthermore, attempts by IT organizations to prevent the use of handheld devices has largely failed because of the number of tools available to work around IT policies. For example, users who are restricted from using wireless e-mail often find ways to redirect e-mail to outside ISP services, where they synchronize e-mail to their personally owned devices. This raises the security threat for enterprises because it means that control of e-mail routing has been losts.

- more info


Security Policies Should be Part of Normal Business Practices According to Federal Judge

Security Policies ProceduresA federal judge has rejected a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit. That marks the second time in recent months that a court has weighed in on what it considers basic security standards for protecting data. The case stems from a 2007 breach that exposed more than 6 million customer records.

The federal judge did not find the proposed settlement to be "fair, reasonable, or adequate." Rather than benefiting those directly affected by the breach, Ameritrade's proposed settlement was designed largely to benefit the company. The judge described the additional security measures that Ameritrade proposed in the settlement as "routine practices" that any reputable company should be taking anyway and should be defined in their normal security policies and procedures.

In September 2007, Ameritrade said that the names, addresses, phone numbers, and trading information of potentially all of its more than 6 million retail and institutional customers at that time had been compromised by an intrusion into one of its databases. The stolen information was later used to spam those customers.

As part of an effort to settle claims arising from that incident, Ameritrade this May said it would retain an independent security expert to conduct penetration tests of its networks to look for vulnerabilities.

The company also offered to retain the services of an analytics firm to find out whether any of the data that had been compromised in the breach had been used for identity theft purposes. The company also said it would give affected customers a one-year subscription for antivirus and anti-spam software.

- more info


Google Falling Behind in Browser War

Google will not fully integrate its Chrome Web browser with Microsoft's new Windows 7 operating system.

IE Market Share Trend

The news follows an announcement by the Mozilla Foundation that Firefox 3.6, the next version of the open source browser, would integrate with Windows 7 features such as taskbar thumbnail previews and Jump Lists.

        

However, according to reports in The Register, Google's internal issue tracking system indicates that work on the features has been pushed back to version 5 of the browser. Chrome is currently on the 3.0 release, while version 4 is currently in development.

Despite the scaled back ambitions, work seems to be progressing on Google's Chrome OS. An early developer build of the operating system has been leaked onto Google's Web site. Stay tuned for more details.

- more info


Free speech and the Internet challenged

The ongoing case in Cook County Circuit Court also treads into the still developing arena of Internet speech protection, experts say. Stone acknowledges that she hopes it sets a precedent for protecting minors from potentially harmful chatter directed at them online.

A woman was embroiled in a tough campaign for the Village Board when the Daily Herald published an article about the race the day before the April 7 election. She won a seat. A Daily Herald story shortly after the election noted there had been "an unusually nasty tone" in the race as the women and five other candidates vied for three seats.

On April 9, in online comments to the April 6 story on the newspaper's Web site, a person using the name Hipcheck16 wrote something directed toward women's son that women's attorney described in court filings as defamatory.

Since there have been relatively few cases like this in U.S. courts, a University of Notre Dame law professor  said there is a strong probability the court proceeding will become an important part of emerging case law.

Recent court rulings have tended to side with anonymous posters and against those who want their identities revealed. And judges are more likely to set a higher threshold when ruling on identifying anonymous sources in newspaper stories, although in this case the newspaper was merely hosting an online forum, not providing the content.

The trend has not been in the direction the women probably would like it to go.

Sensitive Information Policy

This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data.  The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.

The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals). 

 - more info


Password suggestions from Google

Security Manual - Sarbanes-OxleyA Google representative advises using unique passwords for every Web site. They suggest selecting a phrase and using the first letter of every word in the phrase or some variation of that as a password, ideally with special characters added in to make it more secure. In addition:

  • Passwords should be a mixture of letters, numbers, and symbols to minimize the risk of dictionary attacks, by which cybercriminals use programs to try every word in a dictionary database as a potential password.
  • Using personal information as a password should be avoided because that information can often be found on social network profiles and aggregated from other online sources. Stay away from the names of pets or children, birthdays, phone numbers, addresses, or the like. They are too easy to guess.
  • Do not leave passwords on notes next to your computer.
  • make sure that your password recovery information is up-to-date. After choosing a complex password, you may forget it, and you do not want the password reset e-mail going to an abandoned e-mail account or to someone who might exploit the opportunity to hijack your account.
- more info


Why are Disaster Recovery and Business Continuity Not Current and In-Complete

Disaster Recovery Plan TemplateThere are plenty of partial, outdated, or ineffective disaster and business continuity plans out there - why is it so difficult to get it right?

  • Data collection: How do you collect the data for the disaster and business continuity plan in the first place? There is no one single source for everything you need, particularly if you are trying to integrate relevant external information such as support dates, power consumption, etc. Every vendor delivers this information in different formats, different frequencies, and different vehicles - ranging from data sheets to websites to release notes.
  • Data inconsistency: How do you handle the inherent inconsistencies in data? For example, OS version numbers are often conflicting; vendors change their product names or renumber versions over time, etc. Normalizing the data (making it adhere to consistent rules and categories) is a cumbersome task and the accuracy and consistency of the data needs to be reassessed at every step.
  • Categorization: If you want to categorize the information in the disaster and business continuity plan, you have to create the taxonomy (or hierarchical categorization) for the industry data. This alone is a significant task, there are many ways to slice and dice the universe of technology products, and no standards have been defined within the IT industry to define this information in a consistent manner.
  • Manageability:  Any extensive technology disaster and business continuity plan is a large and complex data store. A spreadsheet is insufficient for storing and managing rich structured data for thousands of products and vendors. The disaster and business continuity plan should be able to track and maintain the complex relationships between technologies and categories (parent/child relationships, one-to-many mappings, and so on). Developing an appropriate, extensible data store is a complex undertaking.
  • Maintenance:  As soon as you have finished the disaster and business continuity plan, you have to start updating it. The Information Technology industry is constantly changing, which means that your work is never done. If you go through a massive effort to produce a disaster and business continuity plan for a single business function, the value of that investment is lost if you cannot keep it up to date.
- more info


IT Spending to Fall Even Further

Research from Goldman Sachs expects IT spending to start moving upwards in 2010, but a survey of British small firms finds many still worried about the impact of recession on their businesses.

The survey found a quarter of firms expect to be hit harder during the later stages of the downturn. A quarter reckoned that the first quarter of 2009 was their worst trading period but almost a third - 31 per cent - reported no fall in orders. 19 per cent of SMBs said sales had fallen over 20 per cent.

DRP/BCP Security TemplatesMetrics Internet ITDisaster Planning Audit

In the last six months 45 per cent of firms have made people redundant - a third have cut up to 10 per cent of staff.

But looking forward, 38 per cent of small and medium enterprises believe revenue falls will slow in the next six months and just over a quarter expect the downward trend to end completely by year end.

- more info


Virtual servers ignored in may disaster recovery business continuity plans

Disaster Recovery Plan TemplateAccording to the latest disaster recovery research report from Symantec, based on surveys of 1,000 IT managers in large organizations worldwide, 35 percent of an organization's virtual servers are not included in its disaster recovery plans.   Worse yet, not all virtual servers included in an organization's disaster recovery plan will be backed up. Only 37 percent of respondents to the survey said they back up more than 90 percent of their virtual systems.

Cloud based managed backup and data recovery services do exist, but they tend to be very expensive "enterprise-class" or offer mediocre consumer-oriented services.  Several issues need to be addressed before cloud base backup and recovery services are a reality:

  • Getting data from and to individual desktops needs to be automated and not overhead intense on the desktop or the network
  • Developing a  working security model that can be applied and managed universally
  • Providing verifialble data integrity to guarantee that the data is actually users data if  they  are not in private space or virtual machines
  • Creating services with service level agreements that address the risks associated with data loss
- more info


Terminated employees use alumni groups to find new jobs

With the economic downturn, former employees of high-tech companies are staying in touch by joining alumni groups to find jobs, business opportunities and socialize. There has been such a group for ex-IBM employees since the early 1960's.  The sophistication of these groups varies but not their main mission: it is all about networking.

  IT Salary Data  IT Job Descriptions

Some of the  groups that exist are for:

  • Microsoft
  • PeopleSoft
  • Oracle
  • IBM
  • Sun Microsystems

For example, the Microsoft Alumni Network, with its 10,000 members, charges membership fees and offers a range of benefits. The PeopleSoft Alumni Network makes its money exclusively from job ads on its Web site. It has about 3,800 members on LinkedIn, the social networking site for professionals. They are chiefly people who worked at the company before it was acquired by Oracle Corp. in 2005.

Some of these groups to have close relationships with the parent company, which posts job ads on the group's board and helps validate prospective alumni to ensure they previously worked at the companies.

Members can use their connections to an alumni group to search out former colleagues at companies they are interested in working for, to brainstorm and perhaps learn the name of a hiring manager and most alums are willing to help.

- more info


Top Network Security Weakness Identified by Janco

The most common security mistakes that are made on corporate web sites have been identified by Janco Associates of Park City, UT.  They are:

Top Network Security Weaknesses

  • Corporate web site is encrypted but the login process is not
  • Data validation for forms is contained in client-side JavaScript
  • Using unencrypted or weak encryption for Web site or Web server  management
  • Using weak encryption for back end managementConnect to the network from an unsecure access point
  • Sharing login credentials
  • Using only single level verification for access to sensitive data
  • Having "public" workstations or access point is connected to a secure network 
- more info


Netbooks and notebooks a high security risk

The real cost of a lost or stolen notebook is significant. Several studies show that costs average $49,000 - $52,000 per notebook based on multiple factors such as intellectual property loss and data breach, especially when a business must notify clients or the public of the breach.  Encryption can reduce that cost by almost $20,000 some surveys show that, for 55% of lost or stolen notebooks,  however, IT cannot prove a notebook was encrypted at the time of loss or theft.

In studies of over 2,600 IT and information security professionals in eight countries it has been found:

  • Over 70% of U.S. employees are allowed to store sensitive and confidential information on their notebooks.
  • Over 90% of IT security professionals reported notebook theft or loss in their organization.
  • Over 70% of lost or stolen notebooks result in a data breach.
    Almost 90%  of employees ask others to watch their notebook while traveling.


Sensitive Information Policy
One of the problems with notebook security is that anti-theft software products can be installed and uninstalled relatively easily. Software-only approaches also require that the OS is loaded and working properly, which means they may fail if the OS is compromised or inoperable. With a software-only agent, a thief may be able to circumvent the agent by reformatting or replacing the hard drive to make the notebook usable again, or remove the hard drive to another system to access the data on the disk. Employee behavior makes it even easier for thieves. For example,

  • Less than half of all notebooks are configured for encryption to protect sensitive data.
  • Over half of all employees who have encryption on their notebooks disengage the encryption solution.
- more info


Performance management - IT Infrastructure

IT Infrastructure Strategy Charter ISOIT Internet MetricsThe traditional approach to managing and creating IT Infrastructure architecture and performance management is based on traditional organizational theory. At face value, this provides the simplest and lowest-overhead infrastructure architecture, but in fact leads to a number of serious disadvantages:

In the early industrial era performance management was by carrot and stick with production lines, repetitive, and robotic jobs.

Fast forward to the 21st Century, this stereotyped, reward-and-punishment approach has increasingly limited use.

In addition, your business needs to manage a growing community of perceptive knowledge workers and 'digital natives'.

These are people and teams working on complex issues and opportunities. There is not a simple set of rules and a clear destination. Frankly, they cannot be managed by conventional performance management approaches.

Your 21st Century employees thrive on self-directedness - their work life is about autonomy, mastery & purpose.

Performance reviews remain necessary, but not in the form, most are using them - as a compliance mechanism. Mere compliance incites resistance and loathing - especially for your self-directed types.

- more info


Homeland Security communication requirements

Disaster Recovery Plan TemplateThe Department of Homeland Security stresses interoperability, flexibility and situational awareness in its statements on communications requirements, specifically:

  • Heightened Data Interoperability: While voice remains a focus, text data, image, video and multimedia are often an additional mode or form needed for a given situation. Interoperability of data communications has assumed increasing importance.
  • Flexibility: Responders must have data communications on scene, as well as away from the scene, for command control and information to complete their missions.
  • Wireless Broadband Data: Wireless broadband data means high-speed sharing of text, images and video; as well as the availability of IP-based collaboration applications.
- more info


Deciding which sites to block

Security Manual - Sarbanes-OxleyPornography sites are an obvious example, but most companies may also consider gambling and game sites as utterly unrelated to work, potentially time-wasting and block them as well. Ninety-six percent of employers who block web access are concerned about employees visiting adult sites with sexual content. Companies also use URL blocks to stop users from visiting game sites (61%), social networking sites (50%), entertainment sites (27%) ; sports sites (21%) and external blogs (18%) according to the 2007 Electronic Monitoring & Surveillance Survey from American Management Association.

OrderDownload

Janco's Security Manual Template includes everything needed to customize it to fit your specific requirement.  The electronic document includes proven written text and examples for the following major topics / sections for your security plan:

  • Compliance to ISO 27000, Sarbanes-Oxley, PCI-DSS, Patriot Act and HIPAA
  • Security Manual Introduction - scope, objectives, general policy, and responsibilities
  • Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements
  • Staff Member Roles - policies, responsibilities and practices
  • Sensitive Information Policy
  • Physical Security  - area classifications, access controls, and access authority
  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points
  • Media and Documentation - requirements and responsibilities
  • Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up
  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning
  • Internet and Information Technology contingency Planning - responsibilities and documentation requirements
  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security
  • Insurance - objectives, responsibilities and requirements
  • Outsourced Services - responsibilities for both the enterprise and the service providers
  • Waiver Procedures - process to waive security guidelines and policies,
  • Incident Reporting Procedures - process to follow when security violations occur
  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords
  • Sample Forms
    • Business and IT Impact Questionnaire
    • Threat & Vulnerability Assessment Tool
    • Security Violation Reporting form
    • Security Audit form
    • Inspection Check List
    • New Employee Security form
    • Security Access Application form
    • Employee Termination Checklist
    • Supervisor's Employee Termination Checklist
    • Sensitive Information Policy Compliance Agreement
    • HIPAA Audit Program Guide
    • ISO 27000 (ISO 27002 & ISO 27002) Security Checklist
    • PCI DSS Audit Program
- more info


2009 IT Salary Survey - Mid Year Data

Are you paying too much or too little to your information technology staff? Are you earning what you're worth? Whether employer or employee, it is important to know what other companies are paying in total compensation for a similar position in your area. Learn how your company compares in the area of compensation. Data as of June 2009.

Salary Data January 2008 versus June 2009

 Order Salary Survey   Salary Survey Participate

The compensation study (155 plus pages in PDF or WORD and EXCEL with the data) is one of the most complete and widely used in the industry.

- more info


Metrics to Measure IT's Success

IT Internet Metrics
Metrics that smart CIO use to measure IT's performance.

  • Alignment of IT investments to business strategy - You cannot deliver sustained business value if the IT strategy and the business strategy are not aligned and tightly linked. Despite years of making this the No. 1 priority, the 2007 membership survey by the Society for Information Management (SIM) found that IT and business alignment was the number two management concern with 42% of CIOs.
  • Cumulative business value of IT investments - This metric explicitly measures and communicates the value of IT investments by looking at the cumulative return of the entire portfolio.
  • IT spending ratio of new versus old (maintenance) - This metric focuses on the total IT spend. Depending on the industry, IT budgets consume anywhere from 2% to 15% of revenues and more than half of all capital spending. However, many IT organizations find themselves locked each year into a cycle of spending increasing amounts of the budget on just keeping the lights on - leaving less and less to spend on new initiatives. In fact, research has shown that the average IT organization spends 70% to 80% of its budget on maintaining the status quo versus only 20% to 30% on new initiatives.  Best practices companies have taken this ratio to 60/40, and some are actually driving toward 50/50. Measuring and reporting this ratio can be a key indicator of both the efficiency of IT as well as IT value creation.
  • Critical business service availability (Service Level Agreements) - This metric focuses on the customers of IT and their satisfaction with the services IT provides. The most useful metric would be one giving insight into current and future customer satisfaction - it is a leading, not lagging, indicator. SLA-related metrics are linked to applications or services that are used by IT customers and not to generic technology assets.
  • Operational health (Service Level Management) - This metric focuses on operational health and stability, without which IT will be unable to establish credibility with its users and is more likely to be relegated to a role as a cost center rather than a value center.
- more info


How to identify high risk IT initiatives

IT Infrastructure Strategy Charter ISOIT Internet MetricsHigh risk IT initiatives often can be defined as those that require large staffs and have a long duration. These initiatives typically have seven or more core team members and a completion date more than six months into the future. In addition, there are initiatives that have more than 20 core team members and completion date that is two years into the future.  All of these have a probability of success that is technically greater than zero -- but not by very much.

Identifying losers is difficult at best -- you need to balance probability of project completion versus probability of enterprise benefit achievement.  Success does not mean completion. Rather success is achieving the business objective that the initiative is designed to meet.  Completed projects produce all of the deliverables described in the statement of work, in accordance with their specifications. It is nothing to sneer at; accomplishing even this is not easy. However, completion does not matter unless the deliverables are put to productive use in ways that change and improve how the business operates.

To be fair, you probably should not kill high-risk projects. Rather they should be broken into a collection of separate small projects, each with no more than 7 core team members and six months from start to finish. You will not officially be doing less with less, you should be able to obtain some benefits sooner rather than later.

- more info


Net Neutrality Bill One More Time in the US Senate

 IT Infrastructure Strategy Charter ISOThe latest Net Neutrality bill was introduced as the Internet Freedom Preservation Act. The bill says it's the duty of all Internet service providers to "not block, interfere with, discriminate against, impair, or degrade the ability of any person to use an Internet access service to access, use, send, post, receive, or offer any lawful content, application, or service through the Internet."

In addition, the legislation would prohibit broadband providers from charging Internet content, service or application providers to enable their products, beyond the normal end-user charges for Internet service. The bill would prohibit broadband providers from selling service that prioritizes some Internet traffic over other content, and it would require providers to offer Internet service to "any person upon reasonable request."

- more info


CIOs Face Increased Security Threats

Security Manual - Sarbanes-Oxley

CIOs face pressure due to email and Web security -- they must effectively handle traffic generated by spam as well as good email.  For instance, if a company builds its network to support 15 million inbound email messages per day and 14 million are purely junk.

Janco advicses that companies have a multilayered approach to security given the facts that 711,912 new malware threats were reported in 2007, which translates into 1,950 new malware attacks each day.

Typically, IT teams must physically build out their networks to handle corporate growth. And as the network expands, so does the need for IT staff to manage it.For many enterprises security revolves around building and managing either hardware and software or appliances. IT teams must spend a majority of their time focusing on licensing, updates, performance and availability for a host of security systems strewn about the enterprise. They also struggle with implementation and setup costs, as well as compatibility issues. This leaves little time for managing what is most important - the business processes that mitigate risk.

Security Sevice Level Agreements traditionally guarantee a higher level of performance, availability, uptime and security than IT teams would be able to deliver in-house. And there are penalties to collect on if the provider fails to meet this agreement. Most SLAs offer a way for companies to access reports that feature details on threat mitigation, throughput and response-time performance, as well as other metrics.

- more info


How Successful CIOs Manage Staff

  IT Job DescriptionsSecrets to managing IT staff as defined by a successful CIO are:

  • Hire good people, no exceptions - Hiring decisions are often made under pressure. The position is advertised and then awarded to the best applicant - even if the best is not that great. Stop! Your business will be more successful if you are completely inflexible on candidate fit. If you do not find people who meet your requirements, you like, and fit in, keep looking. Average companies are the result of hiring average people.
  • Deal with staff problems immediately - It is important to take swift action when it comes to poor performers. Failing to act will affect negatively on how other staff and managers view your own competence. Set expectations from the outset. Give regular, frank feedback. Nobody likes firing people, but if it becomes obvious that the person is not going to improve you need to deal with it. Good managers are prompt performance managers.
  • Hire people smarter than you - The skills required to lead a company are diverse. There is one constant: Everyone who creates a high performing company hires good people. If you hire people smarter than you, they will probably do the same - and your organization gets smarter.
  • IT Salary DataTreat people like adults (until they prove otherwise) - Measure outputs, not inputs.Do not have many lengthy policies; nobody reads them anyway. Internet policy is the classic - many organizations have strict policies on hours and extent of Internet use, and ban popular websites (like Trade Me!) and checking your personal email (so people just use their phones). If your primary means of managing staff performance is by limiting their opportunities to NOT work, then you have a problem.  Your people are the foundation of your company culture: do you really hire people to represent your company who you cannot trust to use a computer? Explain your policy: We treat everyone like adults, but only as long as they behave like adults. Deal with people abusing this trust promptly.
  • Say Thank You - Most people are terrible at giving praise. As a result, most people are shocked when they receive it - authentic, genuine praise for a job well done. Make an effort to do it every day with every person who reports to you. It helps with morale and performance and gives you a license to take corrective actions when you need to.
- more info


Data Center Consolidation Impacts DRP and BCP

Disaster Recovery Plan Template

Security Manual - Sarbanes-Oxley

IT Infrastructure Strategy Charter ISODisaster Recovery and Business Continuity planning are impacted by Data Center consolidation that centralizes productivity applications. As enterprises reduce the overall number of data centers, consolidating remote and branch office assets in the process Disaster Recovery and Business Continuity become more critical. According to an international research firm, 41% of large organizations have consolidated most IT assets in corporate data centers, while another 34% have consolidated some assets in corporate data centers.

 

While this has given IT greater operational control and lower costs, it also can lead to increased risk. Each remote site that accesses the centralized data center creates a potential point of failure. If the new centralized location were to fail, all the applications and services housed therein would be unavailable and its impact - as measured in lost productivity and revenue - could be far greater.

- more info


Managing Productivity and Costs in a Turbulent Economy

There have been unprecedented events in the global markets that will have a profound impact on enterprises of all types. Enterprises need to take proactive measures to mitigate the risk of coming under severe financial pressure themselves.

IT Internet Metrics
Is traditional "cost cutting"really the answer? Cost reduction is a promising solution to sustain profitability for nearly all organizations. However, the key to success is finding creative ways to prevent costs.

Metrics are the way we see it.  Metrics based solutions allow enterprises to improve their understanding of the key drivers of profitability and enable them to develop a cost redistribution program that will ensure long-term financial viability. It is critical to identify the areas where cost can be eliminated or reduced and to create and implement a formal cost review process.

Enterprises of all types are feeling the pressure as customers' disposable income decreases while trying to keep up with higher costs of living. Over the last several years, cost management strategies have become the focus of executive management due to global economic challenges.

These external drivers of cost management include:

  • Marketplace Competition - competitors providing similar products at lower prices
  • Recession Fears - less cash flow in the marketplace
  • Rising Production Costs - increasing cost of energy and material
  • Inflation - declining value of currency and/or rising prices of goods and services
    Increased
  • Investors and Boards of Directors Pressures - missed revenue targets, mergers and acquisitions
- more info


ITSM Metrics

IT Service Management Metrics are defined in the ITSM Template.

ITSM Metrics

IT Service Management is possible only with client and IT agreement that service is being delivered.  The ITSM SOA Template is the perfect solution.

- more info


Setting Priorities With Tight Budgets

Meet with each user groups executives and ask them if they could get only one project done, what it would be. The rule for the discussion: They describe their projects in terms of business change, not in terms of software requirements ("We need to improve productivity in the warehouse by picking items more efficiently," not "We need an inventory picking system enhancement.")

IT Infrastructure Strategy Charter ISONext, call a meeting with your business analysts. Walk them through the full list, then parcel out the requests based on each analyst's expertise and ability to get along with the various execs. In this discussion, let them know you're looking for quick solutions that are good enough, not elegant solutions that will withstand the test of time. Their job is to figure out how to get each exec most of the improvement they're looking for and quickly, not all of the improvements they'd like done the "right way."

This means that if a twice-a-day batch extract into Excel file works, there is no need to create a real-time SOA-driven interface. It means that a once-a-night dump-and-load into Excel might be a better answer than enhancing the data warehouse and its business intelligence interface.

It might mean nothing more than teaching their staff how to assign tasks to each other using plain-vanilla existing software, instead of deploying a full-blown, enterprise-scale integrated project management solution.

- more info


CIO Need to Hire and Develop IT Staff

IT Job DescriptionsSuccessful CIOs are utilizing sophisticated, aggressive hiring tactics to acquire the most desirable personnel wherever they may be, while at the same time putting extensive emphasis on retaining and developing internal talent.

This is not easy given the current economic situation.  Developing an adequate in-house talent pool demands more than a simple training program for employees' development. Establishing a strong, predictable internal talent pipeline requires:

  • Clarity of role and expected performance
  • Management of employees at every level
  • Guided training, education, and career planning
  • Assignment of eligible staff to the most exciting projects to motivate them and ensure a satisfying work experience
- more info