CIO IT Infrastructure Policy Bundle

In partnership with Janco Associates, Inc. we have combined the policies that have been developed over time with some of the best IT organizations around the globe into a single package. With this bundle you get a PDF file that has all of the procedures in a single document that is over 210 pages long. It would take your staff months to develop these procedures from scratch. In addition you get a separate MS-Word document for each procedure which can easily be modified.

This bundle contains the following policies:

Backup and Backup Retention Policy
Blog and Personal Web Site Policy
Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy
Outsourcing Policy
Record Management, Retention, and Destruction Policy
Sensitive Information Policy (HIPAA Compliant)
Service Level Agreement (SLA) Policy Template with Metrics
Social Networking Policy
Telecommuting Policy
Travel and Off-Site Meeting Policy

Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format for those clients who just need this particular policy. All policies are Sarbanes-Oxley compliant.

Internet, E Mail, Mobile Device, Electronic Communication, and Record Retention Policy

This policy is is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:

Appropriate Use of Equipment

Mobile Devices

Internet Access

Electronic Mail

Retention of Email on Personal Systems

E-mail and Business Records Retention

Copyrighted Materials

Banned Activities

Ownership of Information

Security

Sarbanes-Oxley

Abuse

Included are these ready to use forms:

Internet & Electronic Communication Employee Acknowledgement

E-Mail - Employee Acknowledgement

Internet Use Approval Form

Internet Access Request Form

Security Access Application Form

Sensitive Information Policy

This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data. The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.

The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).

Travel and Off-Site Meeting Policy - Protection of data and software is often is complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers data and software can be compromised. This policy is four page in length and covers:

Data and application security

Minimize attention

Shared public resources

Off-site meeting special considerations

Outsourcing Policy - This policy is seven page in length and covers:

Outsourcing Management Standard

Service Level Agreement

Responsibility

Outsourcing Policy

Policy Statement

Goal

Approval Standard

Base Case

Responsibilities

Note: Look at the Practical Guide for Outsourcing over 110 page document for a more extensive process for outsourcing

Infrastructure and Policy News

CIOs and Lawyers Must Communicate

IT chiefs and lawyers must learn to speak the same language if they are to work together to help organisations avoid risk. And although responsibility for IT risk management, the careful balancing act of businesses benefit against liability,must not begin and end with the IT department, it is important to run any policies past the techies.

It is vital the IT crowd is consulted, agrees with and has ownership of any policies that directly affect them, and technical teams must make the effort to try and communicate with legal eagles in a language other than IT speak. It is better to have a legal team which will tell the IT department what we need to be doing. But lawyers being lawyers, it is very difficult to work with them to understand what we want and if they could talk to us in an IT language life would be much easier.

If you express risk in the different languages make sure things are transparent and everyone does understand who is responsible for what.
- more info

Factors to Consider in a Disaster Recovery & Business Continuity Plan

The Janco Disaster Recovery Plan & Business Continuity Template takes into consideration all of the items related to various layers of operations that most enterprises need to consider if they want to continue after a disaster occurs. These include:

Strategy - Items related to the strategies used by the business to complete day-to-day activities while enabling continuous operations. Examples include financial, manufacturing and disaster recovery strategies.

Organization - Items related to the structure, skills, communications and responsibilities of your employees. Examples include human resources, training, and internal and external communications.

Applications and data - Items related to the software necessary which enable business operations, as well as the method used to develop that software. Examples include customer relationship management (CRM) applications, enterprise resource planning (ERP) applications, databases and transaction processors.

Processes - Items related to the critical business processes necessary to run the business, as well as the IT processes used to ensure smooth operations. Examples include accounts receivable, accounts payable, change management and problem management.

Technology - Items related to the systems, network and industry-specific technology necessary to enable your applications and data. Examples include host systems, workstations and Internet Protocol (IP) networks.

Facilities- Items related to the buildings, factories and offices necessary to house your organization and your production or service technologies. Examples include data centers, office buildings and physical security operations.
- more info

Where CIOs spend their time

In a survey of CIOs, it was found that they spend most of their time:

Aligning IT with enterprise goals

Cultivating the IT and enterprise relationship

Improving IT operations and system performance

Leading change efforts

Implementing new systems and architecture

Driving business innovation

Redesigning business processes

Controlling IT costs

Developing the business strategy

Looking for a competitive advantage

Managing IT crises

Managing security

Selecting and negotiating with vendors

Developing customer market strategies and technologies

Studying and understanding market trends and customer needs
- more info

Some improvement in the job market

A technology job board is seeing a steady uptick in technology jobs for the financial industry. After the economys meltdown in 2008 and 2009, its taken some time to see recovery in this segment. If you have technology experience in the industry, there are jobs to be had.

Programming skills are way up in terms of demand, especially the C languages with C# being the skill most sought after right now, along with skills in C and C++. In New York City and the metropolitan area, financial technology positions garner 20 percent higher salaries than the general technology population.

There is good news on the technology jobs front if you have prior banking or financial industry experience. Salaries are higher than the average tech job, especially on Wall Street.
- more info

New Policy Templates Can be Customized

Documenting a clear set of IT policies is a resource-intensive process for IT managers, due to the research and writing time involved. And once policies are created, the next step is to communicate and gain acceptance for those policies throughout the organization. Wouldn't it be nice to start with boiler-plate templates that require only minor customization?

Janco Associates is offering you CIO IT Infrastructure Policy Bundle. This updated, time-saving package will provide you with a stocked library of over 200 pages of policy templates. Plus, you get the tools, techniques and advice you need to successfully apply these policies in your company.
- more info

CIO continue to run with tight budgets

Overall server spending in enterprises remains weak in 2010 as companies continue to look for ways to save money following the economic downturn, according to research firm TheInfoPro.

According to the survey, which gathered data from 252 decision makers at Fortune 1000 companies, 38 percent plan to reduce server budgets this year compared to 2009, while 25 percent plan to spend more.

Though demand for server hardware has picked up, spending has flattened due to growing trends like virtualization, which helps manage a larger number of tasks on fewer servers.
- more info

What is the Chief Technology Officer's (CTO) Role

The Chief Technology Officer (CTO) is responsible for overall direction of all technology functions associated within the enterprise. This includes Information Technology applications, communications (voice, data, and wireless), and computing services within the enterprise that impact the both the enterprise, its products and its customers. As the top technical architect of the enterprise he or she provides a vision of how technology can be applied. These areas include product design, customer interactions with the enterprise, IT operating systems, communications (voice, data, and wireless), transaction processing and database administration, compliance with all mandated requirements, the information center, personal computers, electronic and optical storage, and multimedia applications.

You can get more by getting the Internet and Information Technology Position Descriptions Handiguide - 2010 version.
- more info

Virtualization improves disaster planning and change control

IT has been reported that organizations implementing virtualization often experience less server downtime than organizations not deploying virtualization, and many have taken steps to provide better disaster recovery than they could have in an unvirtualized environment. Several surveys show that virtualized environments experience between 35% to 40% fewer server outage hours per year than unvirtualized environments.

The reasons often given are:

Simplification - Virtualization allows more OS workloads and more applications per server. This results in fewer servers and more standardization, which results in easier provisioning of new or redeployed applications.

Independence - Since the OS/application workload does not tie to a specific physical server, IT Management can migrate their workload from server to server thus becoming free a particular server. This facilitates the ability to dynamically migrate applications from an overused or failing server to a healthy server, avoiding outage.

Flexibility - Virtualization simplifies the process of initiating an OS/application. This enables IT management to have options for locating the OS/application on a particular physical server. In that way IT Managers can easily suspend, relocate, and restart applications that are degrading on a server.

Better Change Management - Virtualization makes it easier for system administrators to set up a replicate test OS image, which makes it easier to fully regression test new configurations (new application releases, new software versions, etc.). Fuller regression testing of new configurations results in fewer defects encountered in production.
- more info

I.T. hiring picks up

Salaries and hiring are both on the rise, Janco reports.

The I.T. jobs outlook is strongest among large companies, where many chief information officers have received the go-ahead to fulfill I.T. positions that were left unfulfilled last year, Janco Associates Inc., a management consulting firm specializing in information systems technology, says in its Mid-Year 2010 IT Salary Survey report.

In contrast, technology executives at smaller companies are being more cautious about hiring out of concern that the economic recovery will not be strong enough to support increased I.T. spending, the survey found.

Nonetheless, most chief information officers who participated in the survey said in post-survey interviews that theyre planning for 2011 with the assumption that the economy will improve early next year. If that holds true, I.T. hiring and compensation should rise for more companies, Janco says
- more info

Consequences of too much social networking

Facebook, MySpace, and other social networking sites make it easy to share information with friends. If you are not utilizing safety features and precautions, however, you are also sharing that information with strangers. Posting too much information on your profile can have consequences that reach all the way from your bank account to your future employment prospects.

According to Consumer Reports, in the last year 9 percent of social network users experienced some form of abuse, such as malware infections, scams, identity theft, or harassment. Many of these incidents are preventable, if you educate yourself about what to do and what not to do on social networking sites.

Similarly, an increasing number of prospective employers are turning to social networking sites to research applicants. Does your profile represent you the same way you would represent yourself in an interview?
- more info