
Chief Security Officer

What is the Chief Security Officer (CSO)?  The title Chief Security Officer (CSO) was first used inside the information technology department and function to identify the person responsible for IT security. At many enterprises, the term CSO is still used in this way.

The CSO title is also used in many enterprises to describe the leader of the "corporate security" function, which includes the physical security and safety of employees, facilities and assets. This individual often holds a title such as Vice President or Director of Corporate Security. Historically, corporate security and information security have been handled by separate departments.

The CSO is the executive responsible for the organization's entire security posture, both physical and digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.

At a tactical level, technology is being infused into physical security tools, which are increasingly database-driven and network-delivered. At a strategic level, CEOs and corporate boards, motivated in part by regulations and standards such as the Sarbanes-Oxley Act, HIPAA, and the ISO 27000 series (formerly ISO 17799), including 27001 and 27002, desire an enterprise-wide view of operational risk.

Chief Security Officer - Position Purpose

The Chief Security Officer (CSO) is responsible for overall direction of all security functions associated with Information Technology applications, communications (voice and data), and computing services within the enterprise. At the same time, the CSO must be aware of the implications of legislated requirements that impact security for the enterprise. This includes, but is not limited to, Sarbanes-Oxley Section 404 requirements.

The CSO has the responsibility for global and enterprise-wide information security; he/she is also responsible for the physical security, protection services and privacy of the corporation and its employees.

The CSO oversees and coordinates security efforts across the enterprise, including information technology, human resources, communications, legal, facilities management and other groups, to identify security initiatives and standards. The CSO works closely with the chief information officer and must have strong working knowledge of information technology.


Internet and IT Position Descriptions HandiGuide®

273 Job Descriptions and Organization Charts

| Format | Print | Modify Source | Cut & Paste | Features | Cost |
|---|---|---|---|---|---|
| PDF | Yes | No | No | The complete Internet and IT Position Descriptions HandiGuide, which includes the job descriptions in PDF format and utilizes the Adobe search and bookmark features. | Less than $3.44 each |
| Word Files | Yes | Yes | Yes | Individual files for each job description. Long file names are used so each job description can be modified as a simple document (WORD.docx). | Less than $3.83 each |
| Word Book | Yes | Yes | Yes | Word search, fully bookmarked. All job descriptions are contained in a single Word book. NOTE: this is a complex document and the user needs to know WORD very well to extract and modify the individual job descriptions (WORD.docx). | Less than $4.59 each |
| PDF and Word Files | Yes | Yes | Yes | The complete Internet and IT Position Descriptions HandiGuide plus individual files for each job description. Long file names are used so each job description can be modified as a simple document (WORD.docx). | Less than $5.75 each |

 


 

 

 

CIO - CTO Employment News


Password Security Tip

May 2nd, 2016


Use a password in only one place. Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.


Top 10 Cloud postings

March 30th, 2016


Demand for wearable devices explodes

March 10th, 2016


Wearable vendors shipped 27.4 million devices in the fourth quarter of 2015. That is almost 130% more than the last quarter of 2014. For the whole year, worldwide wearable shipments amounted to 78.1 million devices, up 171.6 percent from 2014.

The triple-digit growth shows that "wearables are not just for the technophiles and early adopters."

Wearable Device Policy

The use of wearable devices that can capture and broadcast video, voice, data and location information is increasing at an accelerated rate.

Janco addresses the security, privacy and reputation management issues for a world in which wearable devices have cameras, microphones, massive data storage and Internet connectivity.




Mobility Policy Bundle

All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.

  • BYOD Policy Template - Includes electronic BYOD Access and Use Agreement Form
  • Mobile Device Access and Use Policy
  • Record Management, Retention, and Destruction Policy
  • Social Networking Policy - Includes electronic form
  • Telecommuting Policy - Includes 3 electronic forms to help to effectively manage work at home staff
  • Travel and Off-Site Meeting Policy

Physical security now a major concern of CIOs

February 18th, 2016


With the recent terrorist attack, physical security is seen as a growing concern for all organizations. Among the ranks of potential threats that organizations face, acts of terrorism are an increasing concern.

More than one half of all CIOs that we have talked to have expressed concern about the possibility of either an act of terrorism or a security incident such as vandalism, theft or fraud disrupting their organization.


Ransomware is more common than you think

January 22nd, 2016


Ransomware has grown in occurrence and sophistication in recent months. One of the best known forms, called CryptoWall, just had Version 4 released. It has a greatly improved ability to hide from antivirus software and firewalls. It is estimated that the distributors of CryptoWall made more than $25 million in 2015. There have been recent indications that the bad actors are concerned about maintaining the belief that paying the ransom will really allow for file recovery. As such, in some instances, they have been found on PC help forums, assisting victims with file recovery and payment issues. How big of them!

Ransomware typically ignores local drives but attacks server drives. It will encrypt the data files and accounting databases on the server.

Malwarebytes is a great tool you can use to eradicate the actual infection from any PCs. Once that is done you can begin to plan for file recovery.


Some executives fight security practices

January 7th, 2016


Even today there are clashes with senior business executives that make it more challenging for CSOs and CISOs to create a secure environment.

Many of the conflicts that occur between security and business executives are due to ongoing philosophical differences regarding risk and convenience. Many of these executives feel they are above the standards and can do whatever they want.

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data.


Why do CIOs move to the cloud?

December 1st, 2015

The need to lower cost, increase efficiency and conserve cash has increased the motivation of companies to turn to Cloud Computing and increased the appeal of alternative delivery models. The disruptive shifts in new demand and supply patterns drive changes in how IT services are bought and from whom. Cloud computing requirements need to be well defined.


Planning for Blackouts

November 9th, 2015


Power grid failure needs to be considered in DR/BC planning. A power grid consists of a set of large power plants (hydro-power plants, wind farms, solar panel farms, nuclear power plants, etc.) all connected together by wires. A grid can be as big as half of the United States.

Most grids work very well as power-distribution systems because they allow power sharing very economically. For example, when a power company needs to take a power plant or a transmission tower off line for maintenance, the other parts of the grid can pick up the slack. However, that is also the greatest risk, as weather can impact one part of the grid, and that can then trickle down and impact the rest of the grid.


Setting the standard for IT Infrastructure

September 2nd, 2015


Information infrastructure and governance is not on most of our minds every day. Many CIOs think the enterprise operations staff will figure it out. Or maybe that three-ring binder of rules and policies will cover it.

Neither is true. Information infrastructure and governance is an all-in proposition. It requires diligence on the part of employees, oversight on the part of management, direction from the enterprise strategy, and true, firm support from company ownership levels. It ain’t easy.

But it’s mandatory. In this litigious age, the smallest infraction from information management policy can - and will - result in grievous penalty and even business-threatening consequences.


Most security breaches are not discovered for over 9 months

July 30th, 2015

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data. CIOs, data center operators, network administrators, and other IT professionals need to comprehend the basics of security in order to safely deploy and manage data and networks.

Most companies take over 9 months to discover a breach has occurred, often only when notified by outside parties. Surprisingly, a recent research study showed that more than 90% of successful breaches used only the most basic techniques. Today's advanced breaches can work over weeks or months, sending small, innocuous packets to command-and-control servers while capturing secure or regulated information from your systems.


10 Commandments of Disaster Recovery and Business Continuity that guarantee success

July 2nd, 2015


Following the 10 commandments of disaster recovery and business continuity is the key to successful planning and execution of those plans.

  1. Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
  2. Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
  3. Be aware of current events: Understand what is happening around the enterprise – know if there is a chance for a weather, sporting or political event that can impact the enterprise’s operations.
  4. Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
  5. Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
  6. Centralize information – Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal or cloud, helps avoid the need to hunt for documentation, which can compound a crisis.
  7. Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing - silo testing alone does not accurately reflect multiple applications going down simultaneously.
  8. Retest regularly: Organizations should take advantage of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
  9. Perform comprehensive recovery and business continuity tests: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
  10. Define metrics and create scorecards: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.


Security issues that CIOs need to manage

July 1st, 2015


Security is a critical issue, as related in several posts:


SEC requires security threats to be reported in 10-Ks

June 8th, 2015

The SEC now requires companies to report cybersecurity risks in their 10-Ks, and advises them to include even possible threats whose disclosure is not currently mandated by state breach-notification laws.

The SEC feels that it is better to make disclosures if a company has had a number of incidents, even if they are not individually material.


GPS puts us closer to 1984 as predicted in Sept 2000 in PSR Reviews

May 28th, 2015

Back in September of 2000, M V Janulaitis in PSR Reviews predicted that we were moving into a period when Orwell’s 1984 would be a reality. Today, with the new legislation for the USA Freedom Act (replacement for the Patriot Act), NSA data gathering, and even TV shows that show how we all can be and are tracked, privacy is now a luxury that is only available in areas where there is no cell or wifi coverage. Two historic issues that you may want to read are:

  • 2000 is Closer to 1984 Than You Think
  • Face Recognition By Computer is a Reality

    Electronic Sensitive Information Policy

    With identity theft and cyber attacks on the rise, you’re facing new pressures to protect sensitive information. In fact, 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices such as:

    • Implementing an information security program
    • Encrypting data
    • Notifying customers in the event of a security breach that compromises unencrypted personal information

    C-Level executives within IT Articles

    May 12th, 2015

    1. IT Job Descriptions Released  IT Job Descriptions have just been updated in the IT Position Descriptions HandiGuide Janco announced today the release of IT Job Descriptions in...
    2. Is It Time To Appoint a Chief Mobility Officer  Is the time right to create a Chief Mobility Officer (CMoO) position The time has arrived to legitimize and define the role of the chief...
    3. Is a Chief Mobility Officer necessary  Chief Mobility Officer now almost a necessity The idea of a company having a chief mobility officer (CMO) is not a new one. But as...
    4. 10 reasons why organizations need a Chief Mobility Officer (CMoO) Chief Mobility Officer (CMoO) business case Here are ten reasons your company needs a chief mobility officer: To deliver mobility solutions for the enterprise to...
    5. Released Internet and Information Technology Position Descriptions HandiGuide,  Internet and Information Technology Position Descriptions HandiGuide, Janco has released the Internet and IT Position Descriptions HandiGuide® which is over 700 pages; includes...

    CFO to hold back on spending - Will that mean a pull back in IT

    April 27th, 2015

    CFO Magazine reports that, per the April 2015 Corporate Cash Indicators, more financial executives will be a little less free with their cash expenditures this quarter. Since over 40% of all CIOs report to the CFO, this could mean there will be a pull back on IT expenditures.


    CIO Best Practices Digest

    April 14th, 2015


    1. Top 10 issues for CIOs in 2014 Top 10 issues for CIOs in 2014 The top 10 issues that CIOs need to address in 2014 are driven by the current economic and...
    2. Top 10 CIO Leadership and Management Traits CIOs and IT Managers who are successful have some common leadership  and management traits Are one of the people and able to get their hands...
    3. Top 10 Things a CIO Needs to Add Value  Top 10 for CIOs -What does the CIO have to do to be viewed as a business person versus a technologist?  There are many strategies...
    4. Top 10 CIO Productivity and Budgeting Issues  CIO – Productivity Kit The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
    5. CIOs Drive Enterprise Management Processes  IT Infrastructure is key to CIOs leading enterprises in their management processes CIOs and other members of the IT management team could be the reason...

    H-1B program runs amuck

    April 9th, 2015


    Information technology workers at Southern California Edison (SCE) are being laid off and replaced by H-1B workers from India. Some employees are training their replacements, and many have already lost their jobs.


    Many US IT pros are upset and say they can't understand how H-1B guest workers can be used to replace US workers given the current economic conditions.

    The SCE IT organization is expected to lay off about 400, with another 100 or so employees leaving voluntarily.


    21 States have unemployment rates of 6% or higher

    March 17th, 2015

    States with High Unemployment - 21 States have 6.0% or greater unemployed 


    Many companies lack basic security protocols, such as two-factor authentication

    March 2nd, 2015

    Companies are increasingly reliant on third-parties to notify them that their security has been compromised.

    Companies are continuing to find cyber attackers sooner. In the latest annual cyber-threat report the average time a company takes to detect a data breach fell to 205 days in 2014, down from an estimated 229 in 2013 and 243 in 2012.

    But as cyberattacks increase in complexity and sophistication, companies don’t always have the in-house resources to detect them. As a result, only 31% of organizations discovered they were breached through their own resources last year, compared with 33% in 2013 and 37% in 2012.

    Business and professional services and retail operations saw the most online intrusions from malicious hackers in 2014. A common thread in these breaches is a lack of basic security protocols, such as two-factor authentication. Without two-factor authentication safeguards, a single stolen credential - obtained through phishing campaigns or social engineering - can leave an entire network vulnerable.


  • Security Manual Template (Policies and Procedures) (ISO Compliant)
  • Security Manual Template and Audit Program
  • Security Manual Template and Disaster Recovery Business Continuity Template Bundle
  • Security Manual Template, Disaster Recovery Business Continuity Template, and Safety Program Bundle
  • Security Manual Template and Disaster Recovery Business Continuity Template Audit Bundle
  • Payment Card Industry (PCI) Data Security Audit Program
  • Payment Card Industry (PCI) Data Security Standard PCI-DSS Compliance Kit
  • Security Audit Program
  • Patriot Act Security Bundle
  • Compliance with HIPAA Standards
  • Compliance with FIPS 199
  • Threat and Vulnerability Assessment
  • Threat Risk Assessment Extended Service

    Disaster Recovery and the Cloud best and worst practices defined

    February 10th, 2015

    Disaster Recovery and the Cloud best and worst practices are defined in the articles listed below.
    1. Outsourcing top 10 reasons why it fails  Top 10 reasons why outsourcing fail 10 reasons why outsourcing arrangements fails No clearly defined long-term strategic organizational objective is defined – the outsourcing arrangement...
    2. Top 10 Reasons Cloud Solutions are Expanding  Top 10 Reasons Cloud Computing is Exploding As CIOs and businesses move organizations towards cloud solutions and processing there are many benefits.  The top 10...
    3. Disaster Plans now include cloud  More CIOs opt for Disaster Plans that include the cloud Once a CIO includes a cloud provider in their disaster plans the flood gates are...
    4. Many CIOs have not addressed cloud security issues  Less than 50% of all organizations have policies in place that for vetting cloud computing applications for possible security risks before deploying them. The number...
    5. 10 reasons to move Disaster Recovery to the Cloud  Top 10 reasons why the cloud makes sense for disaster recovery planning Cloud data disaster recovery protection solutions offer a combination of the latest advancements...

    IT salaries are moving up across the board according to Janco

    January 24th, 2015

    2015 IT Salary Survey shows that salaries for IT Pros are moving up as 112,000 jobs were added in 2014

    The 2015 Salary Survey, just released by Janco Associates and eJobDescription.com, is good news for IT Professionals.  The survey shows that hiring and salaries have improved for IT positions in most North American metropolitan areas.

    The CEO of Janco Associates, Mr. Victor Janulaitis said, “For the first time in over 6 years salaries for IT Pros have moved up almost across the board.  We believe that this is due to the fact that over 112,000 new IT jobs were created in the last 12 months and that the economy seems to be in a recovery mode.”

    The findings presented in Janco’s 2015 IT Salary Survey include:

      • In 2014 the IT job market grew by 112,800 versus 74,900 and 62,500 in 2013 and 2012 respectively according to the Bureau of Labor Statistics (BLS).

      • IT compensation for all IT Professionals has increased by 2.81% in the last 12 months. 
        • Between January 2014 and January 2015 the total mean compensation for all IT Professionals has increased from $79,352 to $81,583.  This puts overall compensation back at the levels they were at in January 2008 and 2007.
        • In mid-sized enterprises, the mean total compensation for all positions has increased by 3.23% from $76,198 to $78,656.   
        • In large enterprises, the median compensation has risen from $83,197 to $84,550.

      • CIOs compensation has moved up (2.28%) in larger companies and slightly less (2.15%) in smaller and mid-sized companies in the past 12 months.  The mean compensation for CIOs in large enterprises is now $185,359 and $175,205 in mid-sized enterprises.
        • Median CIO tenure has increased from 4 years and 3 months to 4 years and 4 months. In companies of all sizes fewer CIOs have changed jobs in the last 12 months than in prior years.
      • Positions in highest demand are all associated with the quality control, BYOD implementation, capacity planning and service level improvement.
      • Over the long term IT executives have fared better in mid-sized companies than large companies.
        • In mid-sized companies IT executive salaries have recovered all of the losses sustained in the recession and in some cases exceeded prior highs.
        • In large companies IT executive salaries are where they were in 2008.
      • Cost control is still the rule of the day; however we have seen an increase in the number of "part-timers" and contractors who are focused on particular critical projects. 
      • On shore outsourcing has peaked and companies are looking to bring IT operations back into their direct control and reduce operating costs.
        • A number of enterprises are moving help desks and data center operations in-house, which has resulted in an increased demand for data center managers.
      • Mandated requirements for records management systems and electronic medical records have increased the demand for quality control staff and custodians (librarians) of mechanized records.
      • Companies are continuing to refine the benefits provided to full time IT professionals. Though benefits such as health care are available to 80%, IT professionals are now paying a greater portion of that cost.

    Cloud-based applications improve productivity

    January 14th, 2015

    Accounting systems must be up-to-date in order to provide the fastest and most efficient reporting.  Cloud-based financial management solutions let companies:   

    • Eliminate tedious, error-prone, reports from Microsoft Excel.
    • See up-to-date and accurate data on every area of your business.
    • Easily create and share customized reports across your organization.
    • Achieve unprecedented agility to ensure your business keeps up with change.


    "How to Guide for Cloud Processing and Outsourcing provides EVERYTHING that is needed to select a vendor, enter into an agreement, and manage the relationship," says a CIO of a Fortune 100 company.


    Mobile computing explosion causes security risks to multiply

    November 29th, 2014

    Global mobile traffic grew 60 percent in 2013 alone and is projected to increase 11-fold by 2018. With limited IT budgets and resources, how will CIOs and IT Managers succeed in managing and securing their network in the mobile workplace revolution?


    What is the cost of a business interruption?

    November 27th, 2014

    Four steps that must be taken to determine if a business continuity plan is worth the investment are listed below. This will allow the organization to determine real dollar cost per downtime event, calculate acceptable data recovery points and return to operation goal. This data will then allow an organization to align itself to a particular disaster recovery organization(s) skill sets and capabilities.


    MTO Disaster Timeline

    • Conduct a Business Impact Analysis -- The first step is to conduct a business impact analysis. A BIA maps the interdependencies between each system (physical and virtual), application, and component with each business process and service provided. Based on the information collected in that process, a determination can be made on the consequences to the business as a result of disruption. This analysis should prioritize the importance of each process, application, and component in terms of cost to the business when they are no longer accessible. Those costs should include but are not limited to the following:
          1. Lost productivity
          2. Lost revenue
          3. Compliance risk
          4. Reputation loss
    • Determine Recovery Time Objective -- The next step is to determine the Recovery Time Objective (RTO). RTO is the amount of time within which a business process must be restored in order to meet Service Level Objectives (SLO) for the business. Organizations need to meet Recovery Time Objectives in order to avoid catastrophic consequences when a process or application continues to be unavailable. While system and component RTOs are important, the application RTO is what is important to the customer, whether internal or external. The RTO is established during the Business Impact Analysis portion of the Business Continuity Plan (BCP).
    • Determine Recovery Point Objective -- Next you need to determine the Recovery Point Objective (RPO). RPO is the amount of data loss that is acceptable for a certain time period as part of Business Continuity Planning (BCP). A certain amount of data loss for some processes is tolerable (e.g., a data entry clerk types data in manually to process sales orders; if the data entry clerk keeps the paper files for one day, then the RPO would be 24 hours). Recovery Point Objectives should be carefully planned for each process and application, as traditional backup and restore methods may not meet today's demanding business environments. Snapshot and replication technology enablers are needed in most environments to meet shrinking RPO time requirements.
    • Calculate Cost of Downtime per Hour -- How Much Does It Really Cost?
          1. Labor cost per employee multiplied by percentage of employees affected by application or service interruption.
          2. Average revenue per hour multiplied by percentage of revenue affected by outage.
