Tool Kits -- CIO CTO Tools

Disaster Planning is the resource site forService Level Agreements Metrics Information Technology management. This site contains the Information Technology and management infrastructure tools that the CIO, CSO, and CFO can use for Sarbanes Oxley, Disaster Recovery, Security, Job Security AuditDescriptions, IT Service Management,  Change Control, Help Desk, Service Requests, SLAs - Service Level Agreements, and Metrics.  Site includes Browser and Operating System Market Share White Paper and IT Salary Survey Data.

Disaster Recovery Templates are Sarbanes Oxley compliant and the Disaster Recovery Template is included in the Sarbanes Oxley Compliance Kit supports a wide range of industries and enterprises of all sizes.  Our clients include over 2,500 premier corporations from around the world, including over 250 of the Fortune 500.

  IT Hiring KitIT Salary Data  IT Job Descriptions

Site Map

Provide Salary Survey Data

 Outsourcing Threat Vulnerability Assessment Business IT Impact - Sarbanes Oxley tool Record Retention and Destruction Policy

Special Offers

IT Service Management
CIO Productivity Bundle
IT Hiring Resource Kit
SOX Compliance Resource Kit
DRP & Security Bundle
Job Description Bundles

Download Salary Survey

NEWS -- The 2014 IT Salary Survey is now available. Study shows that IT salaries have fallen. Companies that participate get a free copy of the next survey when it is released.

Read On..

NEWS - Record Management, Retention, and Destruction Policy Template -  The Record Management, Retention, and Destruction is a detail policy template which can be utilized on day one to create a records management process.  Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.

Read on ...

IT Service Management - Service Oriented Architecture  

Follow Us - Get Exclusive
Premium White Papers

Follow Us TwitterFollow Us FacebookFollowu Us Blog Janco RSS Feed


Del.icio.usFacebookCIO Daily

Disaster Recovery Plan Template
Security Manual - Sarbanes-Oxley
IT Infrastructure Strategy Charter ISO
IT Internet Metrics

Interesting Articles

Security is key to keeping cybercriminals at bay

To catch a sophisticated cybercriminal in today's age, IT departments must look deeper into their web traffic and examine many sources of information about web visitors and sessions to determine what behavior is typical and what is not. Existing solutions for detecting and analyzing online criminal behavior usually identify either pre-authentification threats , or post authentification threats (fraud products) but unfortunately not both.

Security Manual Purchase Options

Order Security Manual
Sample DRP
- more info

Security News Digest

Security Manual

Security News Digest

  1. Cybersecurity IT Pros are in short supply  IT Pros who can handle cybersecurity are in short supply Cybersecurity specialist are not being trained by our educational system and this shows with high...
  2. Top 10 Data Security Risks for Cloud Storage  There is tremendous anxiety about security risks in the cloud. CIOs and CSOs worry whether they can trust their users (both internal and external to...
  3. 10 Certifications for Cloud Professionals  10 Certifications for Cloud Professionals Hear are 10 certifications for Cloud professionals.  Some are hardware and software specific and others are independent of hardware and...
  4. ERP Job Descriptions  ERP – Enterprise Resource Planning Job Description Bundle Released Janco has just released 15 Enterprise Resource Planning Job Descriptions in its ERP Job Description Bundle. ...
  5. IT Security Decision Process  IT Security Decision Process The IDG Enterprise Role & Influence of the Technology Decision-Maker survey helps CIOs understand their evolving roles and influence in today’s...
Order Security ManualSample DRP
- more info

Business continuity objectives

Disaster Plan

Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have problems like these: Which types of objectives exist? What are they used for? How are they set?

Purpose of business continuity objectives

Victor Janulaitis, the CEO of Janco Associates, said, "What gets measured gets managed.: The same goes for business continuity – if you don't know how well you are doing, you will have a very difficult time steering your business continuity in the desired direction. And it is exactly this desired direction that is an essential part of measurement: setting the objectives.


Types of objectives

There are at least two levels for which you need to set objectives:

1)  Strategic objectives – for your whole Business Continuity Management System, and

2)  Tactical objectives – Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs),  Minimum Business Continuity Objectives (MBCOs), and exercising and testing objectives.

Of course, depending on the size and complexity of your organization, you can choose to add another layer of objectives – e.g., at the level of individual organizational units (departments, business units, etc.)

- more info

Using spreadsheets to manage risk is risky

Spreadsheets are universally loved. Why? Because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like, without interference from anyone else. However, while spreadsheets might be great tool at an individual level they are completely un-scalable, and therefore totally unsuitable for compiling and analysing information enterprise-wide, or even for individual projects.

When applied to a risk management scenario, the potential horrors magnify. Who knows what risks are lurking in a spreadsheet so far undiscovered, with all around thinking that they have ‘ticked the box’ and that risk is managed.  Using spreadsheets and emails to manage risk, is a very risky approach.

Here are the main reasons that does not work:

  • Lack of integrity – spreadsheets are easily manipulated. Anyone could make changes to data to help present a better picture. This could be to cover up a situation once it has happened, to help move blame or mitigate responsibility, or to present a situation or opportunity in a better light.
  • No audit trail – you can’t easily check who changed what when.  You have no guarantee of the provenance of data supplied, and you can’t see how it may have changed over time.
  • Deadlines missed – spreadsheets don’t have any workflows or processes built into them. So while someone may request a review, some information or an audit, if there is no response, there is no mechanism to highlight missed deadlines.
  • No consistency – with no formal structure, each time a new spreadsheet is set up the formatting will be different.
  • Difficult to compile information – risk management information could be held within hundreds of spreadsheets across the organization.  Compiling them is a very long and arduous task.
Threat Vulnerability AssessmentDownload Threat Assessement
- more info

Does it pay to get Certification

Certification a scam or a help?

Most of the certifications being sold to job seekers are unregulated, making it hard for individuals and employers to measure their worth. There are clear metrics on the size of the certification industry but there are estimates that less than 10% of the more than 4,000 personnel certifications that exist have been accredited by a third party.

Salary Survey Job Descriptions IT Hiring Kit Interview Guide

Certifications porcesses and schools are a huge industry.  There are courses and accreditation promoted and sold by professional associations, software vendors, commercial training companies, and even formal educational institutions. In some cases, professionals may end up spending several thousand dollars in pursuit of a certification. Demand seems to be high, with certification requirements often being mentioned in help-wanted ads.

Whether or not they pay may depend upon the types of jobs and levels of demand in a particular economic environment. For example, Janco Associates says that there are no appreciable premiums paid for certifications in recent years, especially when the recession set in around 2009. However, in the most recent quarter, the researchers say average pay premiums for IT certifications rose 1.5%in the third quarter of 2013 -- the largest quarterly gain since 2005 and the first time since 2006 that there has been two consecutive quarters of positive growth in pay for certifications.

Order Salary Survey    Free Salary Survey

Certifications are recognized as a badge of accomplishment in many industries, and Marte indicates that work in underway in some sectors to standardize these programs. Also, employer endorsements of programs is key.

In a competitive era when there is acute demand for highly qualified professionals in a range of areas, certification programs are a way to ensure more training and skills updates. Lifelong learning -- not education that stops on graduation day -- is essential to both working professionals and organizations. The skills that are in demand five years from may be entirely different than today. 

- more info