In many enterprises, CIOs are perceived as mere technology managers, while in reality they should be viewed as business leaders. The CIO's focus should be on reducing costs and improving profitability through the strategic usage of IT. It is very important for the Information Technology organization to get out of a transactional mode. If the CIO has the right infrastructure in place, then the CIO can help in directing the strategy of the enterprise, and even shape its destiny. The CIO brings his own perspective, and without them, enterprises cannot build a robust operating environment.
The CIO Infrastructure Tool Kit is comprised of a collection of Janco products that CIOs and Directors' of IT can use to create a strategy and manage in today's interesting times.
Pandemic Planning as Part of the Disaster Planning Process
Security Risks Magnified With Staff Reduction
Getting Ready for the Recovery
During a downturn, CIOs often have to make some unpopular decisions and that often costs them the alliances they need to succeed. Based on Janco's experience the highest attrition rates for CIOs is during a recovery. With a recovery, many enterprises feel they can afford a change at the top to get a new direction and improve the enterprise's IT operations. In order to succeed CIOs need to take proactive steps before it is too late.
Over the last several months, CIOs and enterprises around the world have trimmed IT staffs to the bone. Now they have an interesting timing issue that they need to face if they want to be geared correctly for the recovery. The Corporate Executive Board research indicates that the number of companies moving up or down in industry rankings more than doubles during the recovery before returning to normal levels in the subsequent months.
When should CIOs start to look at re-building their staffs? How do they rebuild alliances that have been damaged as they have cut staffs and services? What are the right signals that they should watch and what should they do to prepare?
CIOs need to act well in advance of the recovery. The end of a recession is often recognized only months after the fact - too late to gain a large competitive advantage. The most progressive CIOs and IT Managers turn to recovery mode before competitors by implementing a recovery plan right now.
CIOs Should Prepare Now for the Recovery
Most IT functions are operating at very high productivity levels and do not have any extra capacity to use when the recovery starts. Once the recovery occurs there were be huge demand for initiatives, projects, and staffing. CIOs who react too late will find they will not be able to meet the demands placed on them.
One of the first things a CIO should do is get his organization in order.
Review the organization infrastructure with IT Service Management (ITSM) and Metrics in mind
Review status of the Service-Oriented Architecture (SOA) and how it will be applied with new initiatives
Review all of the responsibilities of the IT staff and support staff members - have current job descriptions in place
Identify the resources that will have to be hire (employees) or retain (contractors) additional resources
Have completed requisitions and recruiters in place so recovery management can start quickly
These may seem like simple things, however without them in place before the recovery, the IT function and the CIO are risk to be marginalized.
The CIO Infrastructure Planning Tool Kit is comprised of a collection of Janco products that CIOs and IT Managers can use to get ready for the recovery.
Pandemic Planning as Part of Business Continuity Planning
The Disaster Planning and Business Continuity Planning Template has been updated to include a Pandemic Planning Check List along with a job description for a Pandemic Coordinator.
In Business Continuity and Disaster Recovery Planning when a pandemic occurs the processing centers many exist, however staffing may not be available.
The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office. A key requirement is to increase remote access capabilities and to:
Define necessary staff levels for critical business processes
Identify who can work remotely and who has to be in the office
Validation of vaccinations for key staff members
Identify the lights out processing issues for computer operations staff
Identify the network and remote access capacity requirements - what percent of workers do you need to be on the system for the enterprise to continue to operate
Train and test of users and IT staffs in how to operate from remote locations
Require key employees to work from remote site at least once a month
Validate broadband capacity to remote sites (home users)
Have copies of disaster plan available in remote site
Put in place process for the synchronization of OS system patches and VPN updates - if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
Define change management and version control processes to be used and how they will be controlled during the pandemic.
The question of what to do with unused IT equipment is a rapidly growing security problem for many companies hit by the recession and the accompanying layoffs. Countless desktops, laptops, servers and hand-held devices are lying around -- often with sensitive data on them -- gathering dust in cubicles, in stockrooms or on vacant desks. At the same time, software licenses, notoriously easy to lose track of, are also piling up. Many IT functions are under funded as enterprises drive for improved productivity and expense reductions. Decisions are made on in a spirit of making do. For example, Since no one is using the abandoned offices and equipment there is no risk...
When an organization is in survival mode, resources are being husbanded and everyone's working flat out, it takes a strength and leadership to say "no, not good enough" to something that is apparently working well. It is also difficult to justify more spending with no direct effect on revenues, and to demonstrate that something that seems optional is in fact required.
Responsibility for security and disaster recovery planning cannot be abdicated. It is hard enough for an organization to recover from a serious security breach at the best of times. These are not the best of times. Argued from the context of minimizing risk, the value of doing it right is clear. Make sure you're equipped to win that argument.