"To safeguard an organisation's intelligence, a CIO needs to provide the means with which to identify the systems that are 'intelligence gathering systems'." says Denis Bensch, CIO at FlowCentric Technologies.
In the previous article, we asserted that CIOs are responsible for the information in the company and that the best tools in their arsenal are policies and procedures, says Denis Bensch, CIO at FlowCentric Technologies.
What is the difference between a policy and a procedure?
Policies are the business rules and guidelines under which a company, division, or department will operate. These policies ensure consistency and compliance with the company's strategic direction.
If policies are "what" the organisation does operationally, then procedures are "how" it intends to carry out those operational policies.
Procedures describe how each policy will be put into action in the organisation, in other words, procedures detail who performs what, when and how.
Policies are the guidelines under which Procedures are developed.
Why does a CIO need to create effective policies?
The answer is simple, Intelligence. Not intelligence in an avoid-winning-a-Darwin-Award sense, but rather information that has been refined to meet the need of decision makers.
To understand how valuable intelligence can be to an organisation, look no further than Amazon.
Remember when Amazon was an online bookstore?
Today, "Earth's largest bookstore" sells millions of goods and services, from Halloween costumes for pets, to digital reading devices for book lovers, to landscaping services and cloud storage facilities.
Naturally, many factors played a part in the success of this giant, but recommendation filtering has certainly contributed to that success. Analysing the information collected per customer, identifying their interests and then suggesting products of a similar nature has prompted many customers to make an additional purchase and return for more suggestions.
As intelligence, is a subset of information, and we have already determined that the CIO is the corporate custodian of information, it is therefore natural that the CIO is also responsible for the intelligence of the organisation. This means that the CIO is responsible for providing direction around what is considered intelligence, and what is merely information.
E-mail is prime example of data (information) that can be outsourced to a secure hosted mail system.
"But I love my e-mail!" we hear you gasp. True, e-mail is valuable on a micro scale, but the data contained in that e-mail box is only intelligence to the owner of the mail box because they can interpret it on the fly. Between the cat memes and lunch appointments, it is not feasible to try to mine the contents of multiple inboxes for intelligence.
How can a CIO ensure that the best intelligence is gathered?
In order to control and safeguard the organisation's intelligence, a CIO needs to provide the means with which to identify the systems that are ‘intelligence gathering systems' and which are merely ‘information systems'. This is done with policies and procedures.
Intelligence is commonly created from various sources of aggregated information
Below is an example of how a CIO would use policies and procedures to ensure that customer details are used effectively instead of residing in individuals' contact lists.
Policy would dictate that all customer details should be stored in a CRM and not in individual spreadsheets distributed in e-mails, while procedure would direct staff on how to capture the details from inception. The CRM system can be mined for information, which can be included in intelligence gathering and used to make strategic decisions, such as whether to open a new distribution branch in a customer-rich area.
The CIO's responsibility does not end with generation of intelligence, but also the safeguarding of that intelligence. By stipulating that customer details shall not be stored in spreadsheets and distributed in e-mails, the CIO also ensures that lost mobile devices do not contain lists confidential information that is now outside of company's control. Furthermore, the CIO is controlling the duplication of data, which if unchecked always leads to the question "Is this the latest list? "
In closing, the question raised previously was how does the modern CIO manage the following trio of issues in context of company intelligence?
- Technology, people, business, legislation
- Bring your own device (BYOD) vs Bring your own disaster
- Managing a ‘charge it to the credit card' mentality
The answer lies in the clever (ahem, dare I say intelligent) use of policies and procedures. Provide guidelines on what data will form the foundation of intelligence, and what data will only ever be considered data or information. This aids decision makers in deciding what must be subject to legislation, what can be accessed via mobile devices and what can be outsourced to cloud providers.
Lastly, policies and procedures also shape the character of a company. They define the individuality of a company and the way it does business. In many ways they encapsulate the competitive advantages of a company.
In the next article, we will explore how a CIO uses structured data entry systems to build intelligence systems from data systems.
Keen to receive invitations to complimentary thought leadership events?