Archive by Author

Business Continuity Framework

22 Feb


As per Assignment 2 and as part of our module IS6118, we have developed a Business Continuity framework based on our previous blogs regarding Business Continuity. We have used different components discussed in our blogs regarding the topic to produce a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities [1][3]. We have researched different components of the framework and also background to business continuity to get a better understanding of the topic. We have also looked how technologies can be used to help with business continuity and also how a framework has been used in real life case studies. We have decided on 7 main components of a business continuity framework:

1)      Policy/Planning

2)      Management

3)      Communication

4)      Reporting

5)      Identify Critical Business Functions

6)      Analysis

7)      Implementation

Business Framework

Business Continuity Framework


1) Policy/Planning

Business continuity planning is an essential future plan for a business in order to provide a service without any factors affecting its performance. A business can never foresee future events such as a crime, natural disaster, IT failure, power failure, fire, etc. [1]. When it comes to policy and planning service level agreements are fundamental to achieving business continuity. Downtime whether it is planned or not can be hugely damaging to an organisation and it is for this reason why SLA’s are incorporated. They effectively ensure the minimum levels of availability from suppliers and then lay out a plan to define what actions will take place in the event of disruption. The challenge comes when trying to link business continuity and SLA’s together as there are certain services which most definitely require service-level-agreements to be put in place. There are internal and external services which will require necessary SLA’s and they vary from RTO’s, RPO’s, review of BIA, risk assessment, network recovery, time required to recover and restart from failover etc. Such companies as IBM have developed a solution to organisations which enables them to improve business continuity much more efficiently and effectively to data protection strategy and storage infrastructure by applying service level concepts [2] [3].

Business continuity plan is devised to lessen down the distraction that could be caused by the disaster and keep the business competitive. The Business Continuity plan should include the occurrence of several events including equipment failure; disturbance in power supply or telecommunication; application failure or database corruption; human fault, disruption or strike; malicious Software (i.e. viruses, trojan horses or worms) attack; hacking; other Internet attacks; social disturbances or terrorist attacks, fire, theft and natural disasters like flood, hurricane, earthquake etc. [5].

2) Management

Managing the Business Continuity Policy or plan is essential to its success. Assessing the risk(s) that threaten(s) the company is an essential prerequisite to crafting a BCP. Conducting a risk assessment to develop response strategies is vital to a successful BCP. Another management priority is to frequently Rehearse, Maintain and Review the BCP [4]. Management from the top is crucial to the framework as there will be a clear outline of procedures and processes and the risks which need to be eliminated. The strategy of the organisation needs to be clearly defined in order to ensure the BCP is utilised appropriately and the management should also aim to create a culture of business continuity in the organisation and drive home the significance the BCP and this in turn will contribute to the success of it. If this isn’t driven home by the management then the business could be in jeopardy as the costs associated with business continuity could spiral. The Business Continuity Program should be aligned with the enterprise business objectives and that is the responsibility of the management [2].

3) Communication

Communication involves producing plans for training staff that would be involved in the business continuity process and also plans for testing the systems that are involved in the recovery. Identify key staff and potential backup staff in the event of a disaster. Hold staff meetings. Every employee should be made aware of the BCP and should be reminded of it on a regular basis. Test the BCP and put it into action sop that if the day arrives that it needs to be implemented then at least you have practice runs completed [1][5][3]. The idea of communication as part of the business continuity framework is a hugely important aspect as it allows for the framework to be tested before implementation. There is a huge gap here in the framework to utilise the medium of social networks and it is time that businesses start thinking about incorporating social media into their business continuity. One of the main reasons social media will be used during a business continuity plan is for communication during a crisis, disaster or planned and unplanned downtime. Through analysing the opportunities available to businesses through the use of social media to support the business continuity, tools such as ‘Yammer’ can support the HR team in terms of being able to communicate with employees and provide better care in the midst of an incident of downtime. Social media allows the employees a greater influence over an organisation than ever before whether they like to admit it or not. Other social media outlets include, Facebook, Twitter, LinkedIn, Google+, YouTube etc. By using in-house social media tools will aid in improving business processes and procedures due to feedback generated by employees whether it be good or bad and as a result this will help provide more information on areas for improvement which then in turn leads to better BCM. Also in order for a business continuity plan to work the professionals need to be in direct contact with the powers that be in a company in order to understand the company they are working with to ensure that the right risks are mitigated with effective approaches and methods [2].

4) Reporting

A document should be prepared outlining all the remedies in the event of a BCP been implemented and should be easily accessible in an identified location. Duplicate copies should be distributed to employees and also digitally and in an off-site location [3]. In reference to an off-site location this is where the cloud comes into the equation when an organisation is in partnership with a trusted cloud service. These reports, data and information can be stored in the cloud and that is one of the major advantages of utilising the cloud. In the event of planned or unplanned downtime the organisation can rely on the trusted cloud service to have the data readily available and easily accessible. However there may be certain issues when it comes to storing information depending on the jurisdiction and territory but this only applies to regulated organisations. Data integrity will also need to be addressed for the Business Continuity Plan [2].

5) Identify Critical Business Functions

If a business has a plan in place to deal with such events, then the essential functions of a business are fail safe and a business can provide an uninterrupted service. Identify critical external contacts which includes essential information about the contact and the contact list should also include solicitors, IT consultants, landlord etc. information. Identify essential equipment. Make sure there is a back-up system in place such as RAID in the event of a disaster or emergency. Also back up generators and hardware should be ready to use in the event there is a computer failure or power failure [3]. Identify Essential Documents. Documents regarding employee information, premises lease, tax papers, legal issues etc. should be duplicated and stored off site in the event of a fire or natural disaster. The business should be able to set up again [1]. The cloud can aid with the running of business critical functions in the event of downtime as when organisations are in partnership with a trusted cloud service they will have access to a secure and exclusive network with an extremely high availability and this will allow this critical business functions to operate [2].

6) Analysis

Analyse what roles and responsibilities are given to employees during disaster recovery, along with full contact details and capability profiles. Identify Essential Documents. Documents regarding employee information, premises lease, tax papers, legal issues etc. should be duplicated and stored off site in the event of a fire or natural disaster. The business should be able to set up again [1]. The purpose of the risk analysis is to identify procedures that could possibly prevent or reduce the effect of a disaster. These procedures include educating personnel about issues such as security, Vandalism, workplace violence and so on. Risk Analysis involves the analysis of the organisational environment to identify threats that could lead to a disastrous situation.

Areas to be reviewed for such threats are the actual physical location of the organisation, access security, the organisation’s policies, practices and the construction of any of the organisation’s facilities. The objective of this analysis is to identify the vulnerabilities that could cause the most damage to the organisation and to select the appropriate controls for providing effective protection.

The Business Impact Analysis (BIA) can be divided into 3 steps:

1)      Performing the BIA

2)      Determining the minimum processing requirements

3)      Analysing the risk.

Analysing the risk differ from the traditional risk analysis because it actually refers to the prioritisation of resources as well as the identification of possible loss situations for resources [5].

7) Implementation

Implementation involves providing details of services and equipment available to be utilized during recovery. Also, outlining details of all the steps in the recovery process, both to get an initial basic operation up and running, and for full restoration of business. Create a list of responsibilities for implementation of a BCP. This should identify which employee does what and how. Such as person who should phone the fire brigade, this person could be appointed as the Fire Safety Officer [1]. When the development of the strategies recovery is done or completed, then it is now time to implement these strategies. While waiting to implement or to develop these strategies much preparation is needed. For example set up procedures for backup, contracts and agreements. This would also involve assigning personnel to various tasks in case disaster strikes. These tasks are called emergency response practice and should be performed by a team [5].


Based on our above framework and from our previous blogs we feel that for business to continue during a disaster the organisation should follow the guidelines mapped out in our framework. By using the components discussed we feel that a business will be fully prepared in the event of planned or unplanned downtime which affects the performance of the business and thus in turn will lead to loss in revenue. Management needs to be involved from the outset in order to clarify the needs of the organisation and insure that critical business functions will be made a priority and aligned with the enterprise business objectives.


Source [1]

Source [2]

Source [3]

Source [4]

Source [5]


Group 5
Greg Ashe
Shane Counihan
James Stephen Daly
Ruth Kapinga
Eric Edward Lynch


How to Fail at Business Continuity

10 Feb

There are many factors that can contribute to a “less-than-perfect” business continuity program – or a program that truly fails to meet management expectations. What are those fatal mistakes that should be avoided and how can an organization prevent them from occurring? [1]

Not Understanding the Organisation;

One of the main jobs of business continuity professionals is to understand the organisation he or she is working with and that means being aware of how they work, their processes and key products. But here is where the problem lies as they often tend to enhance their program by overloading it in layers and software applications. And this in turn is a huge waste in resources and capital.

When talking about business continuity you are referring to a process which is put in place to alleviate risk within core areas of an organisation. And these risks have to predetermined and decided upon by the powers that be, the management. It all boils down to the top dogs in identifying the type of risk the organisation wants to alleviate, because realistically it is impossible to eliminate all risks. In order to be certain that you are mitigating the high priority risks the business continuity professionals need to have a concrete understanding of the organisation’s strategy, critical products and services and what the long-term goals are. It is from the very top that this information must come from in order to be sure of which risks to eliminate with effective approaches and methods. Without this there is a risk that the plan may be focusing on the wrong aspects of the organisation and not the core functions, services and processes.

Executing Methodology Instead of Managing a Program;

Businesses are always continually trying to improve how they create their business continuity programs and practices, and this is achieved through the use of business continuity methodologies and strategies. A strategic goal linking the activities together is crucial when building a program; otherwise the business continuity program will not provide the intended value. The majority of these methodologies recommend performing analysis activities and these types of analysis help aid the management in focusing on planning for the continuity of the organisations core functions and activities and identify the most appropriate risk mitigation, response and recovery strategies.

Unnecessarily Using Business Continuity Jargon;

When trying to communicate with business and technology stakeholders or the heads of organisations business continuity jargon can be very confusing to people not in the loop when it comes to the subject. Terms which include acronyms such as EOC, RTO, RPO, BIA etc. only help to cause more confusion to the situation. Using these terms in the end generally causes confusion and a lot of frustration. When using these terms it requires non-business continuity professionals to have to adapt to the terminology and learn it on the go which leads to a substantial amount of extra training in order to enable these employees to be able to participate in the business continuity planning. The vast majority of employees and personnel in an organisation will greatly appreciate when the business continuity professional avoids the jargon and speaks in a language they can understand which will result in less confusion and more productivity.

Unrealistic Recovery Objectives;

A lot of organisations out there, during the process of the analysis phase of business continuity planning, request that every business process and unit be defined by their OWN recovery objectives. The problem with this however, is that managers will often struggle to define the appropriate recovery timeframe.

Failing to Create a Culture of Business Continuity;

If a business continuity program does not have the support of the business and the business fails to think of risk mitigation and recoverability when making day-to-day decisions then it is destined to fail regardless if the organisation has the best systems, employees, analysis, strategies and plans. It is important to drive home the significance of a business continuity program into the culture of the business in order for it to be successful in the event of a disaster occurring. This logic also applies to the managers if they fail to take into consideration business continuity when making a decision as they could well be putting the business in jeopardy and the costs associated to business continuity could escalate.



Without a BCP Your DRP = NOTHING!!!

8 Feb

Throughout the last number of weeks as the topic of business continuity management, disaster recovery, the stages through which the continuity and recovery plans are made, the business continuity’s connection to risk management and even lessons learned from real life natural disasters such as Hurricane Katrina. Why they all have valid points and interesting ideas the purpose for this entry is to establish that without a BCP, (business continuity plan) then an organisations’ DRP (disaster recovery plan) will be useless and not worthwhile.

The issue here is that a lot of companies and IT organisations are under the illusion that once a DRP is in place then everything is covered and they assume that it is the same as the BCP. But this is where the huge error occurs because the BCP is a lot more fundamental than they believe. A business needs to plan and make changes for such an event. A DRP will only cover the processes in bringing up the system but what it fails to cover is a vital cog, and that is the human element in the equation. This is where the crucial BCP will come into play but it is often ignored.

Take for example a company’s system which is totally redundant and automated and is fully prepared in the event of failover where to occur. And then when it does, whether it be an earthquake, hurricane, a storm, massive blackouts etc. and the business system is up and running on some cloud based service due to the DR product that was chosen and the company’s DRP worked perfectly. Or so you thought?

But there’s one big problem and that is that there is no staff there to work on the system due to the disaster that is after occurring and with access to the office restricted, no electricity or internet connection and the phone networks are down. The business is up and running but essentially with nobody to run it. This is where the BCP will come into play as part of the DRP.

In reality a lot of enterprises out there when designing a DRP use tools advertised, and they do exactly what they say on the tin. From the IT side of the DRP, the cloud has made it significantly easier with services such as EC2 and Azure but by making the IT side easier to manage doesn’t address the entire issue. It is highly likely that the management of an organisation has not realistically thought of an event extreme enough where all staff are going to be unavailable due to a disaster as there are more important issues to deal in the wake of such an event. In other words business continuity is a company-wide problem and management needs to be made aware of such issues or else when the system ‘fails’ because no staff was available to work it the system will be to blame.

There are several questions which need to be addressed in case of such an event occurring and this is where the BCP will come into play in the overall DRP. Questions such as;

  • Who will run the system if the building or even worse the city is off limits?
  • Who will respond to queries on the website and run payroll?
  • Do the employees have somewhere to work?
  • Where can the PC’s go to keep up and running?

Some solutions to these problems can be to consider having an office at a separate location maybe with a mirrored data-centre and when the primary staff are unable to work then additional staff can continue the work from the separate location so business is not a standstill due to the disaster. Although the costs may be initially high, if an organisation needs to keep running and generating revenue, like most businesses, this should not be a big issue. A lot of organisations are ignorant to the business continuity as they believe that the ‘disaster’ or ‘major event’ will never affect their company or organisation, and as a result they fail to plan for it, or may only plan to the bare minimum while also ignoring the human factor.

IT is now a critical business function in nearly all businesses now and it would be extremely foolish to even consider recovery without thorough planning.

As the saying goes “Fail to prepare, prepare to FAIL”.



Business Continuity and SLA’s

8 Feb

In today’s demanding business world, organisations have to be able to support global operations, meet demanding compliance requirements and manage the ever-growing data volumes. This means that companies of all sizes in order to remain competitive now have to be capable of ensuring rapid recovery from downtime and while also providing high data availability. Unforeseen downtime or disruptions to an organisation can be disastrous and lead to severe consequences, such as:

  • Damage to brand and reputation.
  • Loss of revenue due to interruption of business processes.
  • Loss of critical data and customer loyalty.
  • Reduced productivity of employees and critical resources.
  • Compliance failures and other legal consequences. [1]

In order to provide business continuity, then service level agreements (SLAs) are fundamental to achieving this. To simplify it SLAs help define your minimum levels of availability from key suppliers, and often determine what actions will be taken in the event of a serious disruption. [2]

SLAs are essential tools to ensure that the services the organisation obtains are acceptable. They apply to both the vendors and the internal departments. For those of you unaware of what SLAs are, then they specify that 1) a service to be provided; 2) expected performance with regard to what’s being delivered; 3) metrics against which performance will be judged; and 4) and remedies in case the agreed-upon deliverables aren’t satisfactorily provided.[3]

When linking the area of business continuity and SLAs together, there are certain services which should definitely have service-level-agreements in place. From an internal point of view a business continuity plan might require the following:

  • Satisfaction of agreed-upon recovery time objectives (rtos) in the event of a disruption, e.g., certain systems are restored within eight hours of the disruption
  • Satisfaction of agreed-upon recovery point objectives (rpos) in the event of a disruption, e.g., data being used can be recovered to within 0.25 hours of the disruption
  • Completion of one risk assessment for each business unit per year
  • Completion of one tabletop exercise for each bc/dr plan annually
  • Review and updating of business impact analysis (bia) data annually[3]

Furthermore, for services which are provided externally there are SLAs which are particularly necessary;

  • Recovery of network connectivity to the Internet following disruption of local access facilities
  • Time required to fail over from primary to backup servers, such as one hour
  • Time required to recover and restart downed systems via a cloud-based recovery service, such as one hour[3]

In addition to this IBM has developed a solution that addresses the needs for data and storage protection. This solution enables organisations to achieve a much higher rate of data and storage availability whilst also providing rapid recovery after an unplanned event or disruption. Simply called, “IBM’s business continuity service level protection solution” offers companies and global organisations the chance to help align storage management technologies and processes to business requirements.

IBM’s Business Continuity Service Level Protection solution can help you:

  • Improve your business continuity posture by applying service level management concepts to your data protection needs.
  • Align storage management technologies and processes more closely to business requirements, enabling prioritized recovery responses and better use of resources.
  • Enable your company to achieve higher levels of data and storage availability, and to recover more quickly after a disruptive event.
  • Combine industry-leading business continuity technologies and implementation services to provide a solution that meets your organization’s business needs.
  • Build a foundation for continuous improvement, where performance can be accurately measured against established recovery objectives.[4]

By using ‘IBM’s business continuity service level protection solution an organisation has the ability to improve their business continuity posture by being able to apply service level concepts much more effectively and efficiently to their data protection strategy and storage infrastructure by analysing significant concerns during the course of the process.









Business Continuity and Social Media

8 Feb

Ever since the introduction of the internet, web 2.0 and social media technology has been evolving and year on year. With this in mind and with the mass number of the global population out there now using social media is it time to start thinking about business continuity and the role that social media can play. This is the area I am going to cover in next entry and again it is a topic that has yet to be covered. Social media can have a dual effect on business continuity management as it is an important issue and an enabler.

By the year 2015 around three-quarters of organisations in order to aid their business continuity management strategy will use the medium of social media. One of the main reasons for this will be communication during a crisis or disaster.

Business continuity management (BCM) teams are already being given the task of analysing the opportunities available to businesses through the use of social media to support business continuity, according to Gartner.

With the advances in technology this has helped create new challenges for business continuity and social media is one the main contributing factors to these new challenges. They provide individuals and groups to exercise a far greater influence over an organisation and its employees than ever before. Some of the media being used are facebook, twitter, linkedin, google+, youtube etc.

Social Media

The main social media channels used within business continuity management systems


Social media can help support activities across multiple business functions and this could mean using social media monitoring tools, tools such as ‘Yammer’ and it could also support the HR team.  The monitoring tool could be used within the PR team for scanning activity and if required flagging issues which would be relevant to a certain department. To create clarity in terms of process, responsibilities and roles of teams and individuals, a tailored workflow can be created through the use of the social media monitoring tool and the tool would also lead to more informed decisions being made by an organisation by being able to identify problems being discussed and which are the biggest issues, through the empowerment gained by nature of social media.

The use of social media could also aid the HR team in terms of being able to communicate with employees and provide better care in the midst of an incident or a disaster by allowing them to be able to contact the employee from a remote location if a face-to-face meeting is not possible to discuss the issue at hand.

The use of a tool such as ‘Yammer’ is totally revolutionising the way organisations communicate and share experiences on a global scale. This in house social media tool helps improve business processes and procedures due to the in-depth feedback and insight generated from the employees whether it is good or bad. This allows an organisation to pinpoint the areas which need to be improved which in turn will affect the BCM.

One of the primary role of an organisations BCM nowadays is to create awareness to the importance of social media across the organisation and more importantly that this is recognised and addressed in their business continuity strategies and plans.

Enterprises simply cannot afford to ignore social media as a crisis communications tool,”  “In many cases, social media may represent the only available means of locating and contacting personnel; providing stakeholders with the information and assistance they need; informing citizens, customers and partners of product/service availability; and taking other business-critical actions following a disruptive event.” – Andrew Walls, research vice president at Gartner.





Business Continuity and the Cloud

4 Feb

For the last number of weeks there have been many blogs posted about what Business Continuity is, how it is defined and so on from members of my team.  In previous blogs from ‘billynomates2012 and ‘mirra2 they have given in introduction to the topic while progressing onto the planning behind business continuity, the creation of a plan for a SME, also touching on the topic of putting the plan into action after a disaster such as Hurricane Katrina and a then giving details on a disaster recovery plan (DRP). For this blog I will look to discuss something different from a business continuity side and also this area has not been looked upon yet. And that is business continuity and the cloud.

From the previous blogs that have been posted my understanding of business continuity is that in the event that a disaster occurs how can an organisation stay in business? The disaster can range from a localised incident to loss of power or an incident on a much bigger scale such as natural disaster like hurricane Katrina which billynomates2012 covered already. In having a business continuity plan in place in the wake of a disaster the organisation will be covered for the core functions, the data and the system.

With more and more organisations now outsourcing some of their key business elements to the cloud the executive needs to be a lot more involved with the Business Continuity Professional in identifying some of the crucial areas that need to be addressed when choosing the correct Cloud Service Provider.

When people talk about the cloud they mention high availability, scalability, on demand services (PaaS, IaaS, SaaS), redundancy and diversity. But the purpose of this blog is to determine how the cloud can help aid in the BCP. There are three areas which I am going to look at and they are information, technology and people and location.


The cloud has many benefits when it comes to storing information and data and this is one advantage for a business. In the event of a disaster having your data stored confidentially with a trusted Cloud based service can allow your data to be readily available and easily accessed. There are some issues though when it comes to storing an organisations data in certain jurisdictions and territory. This will only apply to regulated organisations and this will help determine their service provider. Also the matter of data integrity needs to be addressed for the BCP and DRP.


“Infrastructure as a Service (IaaS) is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis.” [1]

When a BCP has to be provided for data centre(s) IaaS (definition above) provides a very strong case for being implemented. VoIP services could be used as a business continuity planning measure to provide adequate telephony cover,

People & Location

For many business and organisations the internet and broadband has changed the way in which business is conducted. Staff are located all over the world and communicate with each other instantly. When companies utilise the cloud based services and have a distributed workforce the issue of people and location are less of a concern. With regards to a business continuity scenario, in the wake of a disaster, the tangible option would be to inform to staff to work from home as they would be able to access the systems which are running in the cloud. For example, when organisations are in partnership with trusted cloud services they have access to a high availability network and exclusive connection to the network and it is because of this that critical business functions may still be performed in the event that internet is not available due to the trusted network connection.



Quick Recap…………

29 Nov


As the world of the blogosphere comes to close I will give a quick recap on what I covered in my previous blogs over the last month and a half. The topic that I covered along with my group of oconnormatty7, aherntim1 and bigjim123 was the “Role of the Chief Information Officer”. With countless articles, internet pages, newspapers and academic pieces read the role of the chief information officer has been covered in some depth.

It all started off with the history of the CIO and where the term originated and how it has progressed through the years to what it is today. Along with me, oconnormatty7 covered the history of the CIO but throughout the different eras such as the mainframe, distributed and web-based eras. Next I covered what it is that the CIO does in his/her job and what it boiled down to essentially was 4 key needs according to Michael Scheuerman, an independent consultant, and these 4 key areas where strategy, interpretation, communication and delivery.

The next step I took in looking at the CIO was a certain type of CIO and that position is the Global CIO. I took an in depth look into the role of Paul Burfitt who was the global CIO of a worldwide pharmaceutical company, AstraZeneca. This blog highlighted the different aspects of the job on a global scale and one of the key points that he makes about the job is to prioritize and that as a global CIO one cannot be afraid to say no if a technology isn’t going to improve business or IS priorities.

I followed this blog up with the ‘The new threats facing a CIO’ and this is exactly what it says in the title and there are 4 key threats which I focused on and this areas were lack of vision, lack of leadership, trying to resist the social/mobile revolution and surrendering to the 80/20 budget trap.

After this I turned my attentions to ‘5 other strategic issues facing a CIO’ and this was after bigjim123 had already concentrated on the ‘the TOP 5 strategic issues facing a CIO in 2013’. bigjim123 had covered the issues of Simplify IT and Transform Your Spending: Kick the 80/20 Budget Habit, Lead the Social Revolution: Drive the Social-Enabled Enterprise, Embrace the Engagement Economy: Merge the Back Office and the Front Office into the Customer Office, Upgrade “Cloud Strategy” to “Business Transformation Enabled by the Cloud and Transform Big Data into Big Insights, Big Vision, and Big Opportunities. I followed up with another 5 issues facing the CIO and this gave a clear idea of what the CIO is facing in the next year let alone the next 5-10 years.

My 6th blog went with something different and which nobody else had covered before but it was the role of the virtual chief information officer and it is something that is probably not very common right at this present time but there are companies out there who hire out CIO’s to businesses and they essentially help free up time for the owners, CEO’s, CFO’s and prevents them from splitting their time between running the business and looking after the information technology issues as well.

Which leads lastly to my penultimate blog which was ‘the top 10 competencies of a CIO’ and with the diagram that was included it was a very concise explanation of what is required from a CIO and the core competencies for the role.

So with all that in mind and from all the research conducted by myself and many others the role of the Chief Information Officer has become that much clearer. It is evident that the role is an extremely high pressured position that is up there with the CEO and other level executives. The CIO must be dedicated, hardworking, have a great business mind and of course up to date with all that is going on in the technology world as to deliver the best advice to the business in order to provide value to the organisation.

Thanks to everyone for reading and the feedback, and I hope that through this you now know as much as I do about the CIO and are eager to learn more. Later ISBP……

ericlynch1 out.

Top Ten Competencies of a CIO

26 Nov

In my last blog entry about the “Virtual CIO” I briefly mentioned how a company hiring a virtual CIO will choose the competencies it needs at the time to best suit the company. In previous blogs before this, it has been mentioned about the skills required to fulfil the role of a CIO but I am going to go into a bit more depth the competencies that I referred to. They can be broken down into 10 areas shown in the diagram below.

Starting with strategic planning at the top of the diagram, this revolves around making sure that the business strategy you have in line for the company goes hand in hand with introducing new technologies whilst ensuring that the already fundamental technological components remain in lock-step with the business initiative. Moving onto security next and this is a very important part of the circle as security is key to every organisation and it is vital that the correct  security policy controls are implemented and that the business processes and architectures follow the security policies which are put in place. Next up is capital planning and investment which basically means that the CIO must control and initiate capital planning and investment to manage the overall technology investment within the company.

Number four is leadership and management and is one of the essentials of a good CIO as they have to be able to have the right people around them in the work environment. They also help the company recognise where change may be necessary and this also requires them to be able to manage the business and technology practices and be able to bring them together. Technology Acquisition involves interacting with other business entities to approve vendor packages and other technologies that may need to be introduced into the company whilst also managing the risks involved in potential technology transition. Yet again this is another area which is crucial and that is Process Improvement. With technology advancing all the time and vendors always trying to introduce something new into a company the CIO needs to work with all the departments  necessary in an effort to update processes but also leading the way in promoting continued improvement. Working in conjunction with the 5th competency is Technology Assessment which requires a keen eye and being able to pinpoint areas for evaluation, replacement or process change having completed several and continued detailed assessments of the current business technologies.

Number eight on the list is Performance and Results-Based Management and this means that the CIO needs to be able to see areas to improve and clearly set out goals and measurements for improving the efficiency and before any investment is made in technology he/she will make recommendations to revise processes. The second last item on the list is Architectures and this is referring to the architecture of the technology and the CIO must establish an architecture policy to ensure smooth integration of new technology as the business needs grow. And lastly is Policy which can tie into security as well in terms of data protection and ensuring information technology governance across the business.

So these are some of the key competencies which a CIO requires to succeed in such a high pressured position. Any thoughts feel free to comment.

‘Virtual’ Chief Information Officer

24 Nov

As the level of technology has increased over the last decade or so, so has the importance and complexity of information technology for businesses. Technology has become crucial for an organisation to move forward in how they do business. With this in mind there have been more and more companies employing a Chief Information Officer to undertake the job of getting the most out of the firm’s investment in technology. This executive level officer generally has many years of experience and more than likely an advanced degree, possibly in business or IT. They are very tech savvy, highly educated, highly skilled and most importantly highly paid.

But this is where a problem can arise, the fact that they are highly paid might be an issue for some firms in hiring a CIO. Another issue is that there are many companies out there who might not feel the need to employ a CIO full-time to fill the gap between executive management and Information Technology. This is where the role of the ‘Virtual CIO’ comes into the equation as a vCIO helps the firm choose which CIO competencies the company needs now, helping with the overall Information Technology direction, governance and planning to support strategic business initiatives. For businesses that need IT experts there are companies out there where chief information officers are for rent. They are provided to businesses in need of an IT expert and a virtual CIO is essentially an outsourced IT executive hired by companies that can’t afford, find or need a full-time worker.

On a weekly basis they will meet with the management staff and executives to bring them his/her information technology expertise to bear, simplifying complex technologies, adding clarity to projects, and helping the management in making sensible decisions. They work with the business to analyse their IT needs, whilst creating a strategy and expanding the staff when needed as the business grows. The job of the vCIO is to understand what the business requirements are for the company and to build the right IT infrastructure.

A virtual CIO essentially helps free up time for the owners, CEO’s, CFO’s and prevents them from splitting their time between running the business and looking after the information technology issues as well.

A Further 5 Strategic CIO Issues For 2013

20 Nov

As bigjim123 posted on the 19th of November about The Top 5 Strategic CIO Issues For 2013 I will further this by going into the other 5 issues which Bob Evans, senior VP for Oracle, has pinpointed as areas which must be focused on. Just to recap, the points which bigjim123 covered were;

I.            Simplify IT and Transform Your Spending: Kick the 80/20 Budget Habit

II.            Lead the Social Revolution: Drive the Social-Enabled Enterprise

III.            Embrace the Engagement Economy: Merge the Back Office and the Front Office into the Customer Office

IV.            Upgrade “Cloud Strategy” to “Business Transformation Enabled by the Cloud

V.            Transform Big Data into Big Insights, Big Vision, and Big Opportunities.


As already discussed in the above 5 topics and the ones which will be covered in this blog there are numerous themes that keep on coming up throughout. The next 5 issues to be covered are;

  1. Unleash Your Company’s Intelligence: Create the Enterprise-Wide Opportunity Chain
  2. Future-Proof Your IT Architecture
  3. Preside over a Shotgun Wedding: System of Record Marry Systems of Engagement
  4. Lead with Speed: CIO as Chief Acceleration Officer
  5. Bend the Value Curve: More Innovation, Less Integration


Unleash Your Company’s Intelligence: Create the Enterprise-Wide Opportunity Chain

In order to progress and really unleash your company’s intelligence there is a need to build on already existing and working notions of the supply and demand chain, the data warehouses and marts. This is where the Opportunity Chain can come into play and help transform that internally orientated information not only into customer-centric but a growth-driven language of opportunity. But in today’s world with everyone always ‘ON’ and available through the global marketplace, this has led to the requirement of new understandings and visions driven by social revolution, and it is due to this that the old reliable systems and approaches which we have gotten used to just don’t cut it anymore and they are simply not able to cope with the new realities demanded by the customers and the current time we live in. so it is the Opportunity Chain concept which can help provide a market-facing framework and background for exploiting the potential of business analytics and Big Data (Big Vision).


Future-Proof Your IT Architecture

If you think back just 3-5 years ago Big Data was regularly a computer geek’s conversation, the cloud was still mostly a conceptual or isolated on the fringes, social was a minor but on-going irritation, and the business analytics side of things was taken care of by a team of experts reporting to a team of executives. With the huge increase in data this surely requires a similar in not bigger increase or explosion so to say in infrastructure growth. This leads us to think that the high business demands of today need to be met head on with the innovative tools of tomorrow.

Businesses need fresh thinking about the architecture of tomorrow because merely rebuilding or adding on to the existing plan will simply not meet the wildly different and more-demanding requirements of tomorrow” (Bob Evans, VP of Oracle).


Preside over a Shotgun Wedding: System of Record Marry Systems of Engagement

With the endless streams of data and information being gathered from social, video, customer experience etc. the old-style back-end systems are not equipped anymore to handle all this vast data. Although some of the new tools and solutions that are coming into the market are beneficial and great gateways into the real-time wants and customer and employee needs, they still are behind in the fundamentals of the old reliable ERP system. What the CIO needs to do is seamlessly and rapidly tie the two worlds together while finding new approaches/solutions. As described in point # 1, the opportunity chain, it will be the strategic integration which will become the foundation of this Opportunity Chain.


Lead with Speed: CIO as Chief Acceleration Officer

If you could promise your CEO that you could shorten product-development times, reduce days-of-inventory turns, accelerate deliveries to customers, cut or eliminate the wait-times a customer endures on your support lines, and shorten your order-to-cash cycle, is there a CEO on planet Earth who wouldn’t idolize you?”

The title is here is pretty simple and self-explanatory. As CIO why not embrace the position and all it stands for and take on a new mission for your IT organisation and think if a CIO as a ‘chief acceleration officer’. Basically what this is saying is instead of just going with the flow be a leader not a follower and in doing so he/she should lead the company’s efforts to do everything it does not only just better BUT faster too.


Bend the Value Curve: More Innovation, Less Integration

In my last blog entry I first mentioned this saying as a possible mantra for a CIO and now I will go into more detail and explain what the meaning behind it is. Going back 20-30 years there have been vendors and they have always tried to plug the latest and greatest technology and introduce streams of new products. Not only were this new products becoming more capable and more powerful they were also becoming more complex which in turn leads to more integration, more training, testing, fine tuning, patching, modifying, monitoring, upgrading etc. . This was an okay model way back when there weren’t many alternatives available. But today with technology growing faster than we can keep up with that model is changing. It is now time to move on and the old model is ready to begin the transition over to the ‘computer museum’. CEO’s are growing tired of their budget getting bigger and bigger year by year due to IT operations and seeing next to no improvement and not seeing an increase in business value. For the CIO the answer is an easy one but by no means simple: they need to take a step back and begin withdrawing themselves and their technology teams from the business integration and start focusing more of their time on the customer-centric and growth orientated innovation. An example of a company leading the way has been Oracle with Exadata, Exaltics, and Exalogie.

So just to recap: More Innovation, Less Integration.


%d bloggers like this: