In any organization, the IT Director or Chief Information/Technology Officer (CIO/CTO) plays a pivotal role in managing and implementing technology, and provides a key strategic interface between technology and the rest of the organization. 

Indeed, in a world that has gone digital and remote, the presence of skilled IT leadership is more important than ever, but just having a CIO on staff may not lead you to the promised land. 

Many organizations either don’t take full advantage of all that their IT Director or CIO has to offer, or they may lack a good sense of how to leverage the skills and insight CIOs bring to the table for day-to-day or strategic decisions. 

We’ve also found that sometimes, executives, Mayors, City Managers, and other decision-makers simply don’t have the right questions to ask.

To help you make the most of your IT Director or CIO, here are some key questions we recommend asking them. 

Do we have an IT Strategic Plan? 

An IT Strategic Plan is a guiding document that gives an organization focus and provides a roadmap for achieving technology and efficiency goals. 

This, in turn, encourages leaders and groups within an organization to assess what’s currently working and what isn’t, so that they can discuss how to address problems, misalignments, or inefficiencies going forward. 

If the answer is “no”, your IT organization may be flying on auto-pilot in the wrong direction. The IT Director or CIO should be at the forefront of this discussion, and as technology evolves, they should actively review the changing landscape and work with other department heads to assess which solutions will better help their constituents, enable staff to become more productive and mesh well with their current IT landscape. 

An IT Steering Committee composed of senior executives can work with the CIO to review and approve the IT Strategic plan, help the organization budget for upcoming IT projects, and ask tough questions to various departments about their need or desire for projects.

What is our disaster recovery plan? 

A disaster recovery plan is a documented process or set of procedures that describes how the organization will protect and recover IT infrastructure in the event of a disaster or large-scale system breach. 

Given the number of potential, sometimes unpredictable threats an organization may face to their systems and data, disaster recovery plans must be both comprehensive and easy to implement in order to be effective. 

It’s up to the IT Director or CIO to make sure the disaster recovery plan is ready to address any catastrophic problem. It should include all personnel and the roles each will play, provide specific plans to mitigate downtime, and offer a clear communication plan. 

All documentation must be readily accessible and should be written as a step-by-step guide that a technical novice can understand and implement. It’s a good idea for the IT Director or the CIO to periodically run through possible disaster scenarios in order to test the disaster recovery plan.

What’s the status of vendor support on our applications? 

Since an IT Director or CIO is in charge of the applications an organization uses, they are best qualified to make sure the organization stays up to date with each of them. 

You don’t want to learn the hard way that an application you depend on has reached end-of-support and no longer receives technical maintenance, upgrades, or security patches. Without support, the organization also has no one to contact if problems with the application arise.  

There is a surprising amount of outdated IT software still being used by organizations around the world. This is a veritable jackpot for hackers and a barrier to digital transformation. The IT Director or CIO needs to stay on top of this and ensure all applications are still being supported.

What patch testing policies and procedures are in place?

Patches are routinely released by software developers when a security vulnerability or other kind of bug is discovered in an already-released application. 

This is critically important because it reduces the risk that an organization will be exposed to security breaches or compliance issues, while also providing increased protection for employees working at home or offsite. 

Patching takes time, but it falls to the IT Director or CIO to ensure that all applications have the latest patches. At the same time, patches sometimes introduce unintended new problems, so there should be a consistent policy in place to test them. 

What cybersecurity measures are in place? What is our recovery process in the event of a breach? Is the organization testing backups to ensure a full restore can take place?

IT Directors and CIOs need to create and implement sound, up-to-date cybersecurity policies and procedures and use the best available tools to mitigate the risk of cyber-attacks. Even then, however, there’s no way to eliminate the risk entirely, so they should also maintain a fully restorable backup of the organization’s data and store it separately from other data to allow for a clean restoration in the event a malicious program gains access to the system.

What IT processes are automated? 

By automating some IT processes, the staff is able to focus on higher-priority initiatives. 

The IT Director or CIO should have a good idea of which processes are best automated. For example, artificial intelligence-based solutions can be used to monitor network logs and identify any unauthorized entry to the network, quarantining, and firewalling any such instances. 

This kind of automation saves IT staff from having to spend countless hours combing through network logs to find unusual or malicious activity, a process which can be a bit like trying to find a needle in a haystack, especially for a large or heavily-trafficked organization.

What Service-Level Agreements are in place between IT and other departments? 

A Service-Level Agreement (SLA) is a contract that defines and establishes the scope of responsibilities the organization’s IT department bears toward other departments, which provides a clear means for prioritizing specific tasks. 

By creating a written narrative that outlines the scope of service, service level times, and other key performance indicators, an IT department can more effectively allocate resources across the entire organization. 

A well-designed SLA improves the delivery of services and manages customer expectations by providing clear, measurable metrics that indicate success. The IT Director or CIO should play a pivotal role in creating any and all SLAs and review them annually alongside other departments. 

By asking these questions, your organization can ensure that your IT Director or CIO is using the full range of their expertise and insight to shape IT strategy and technology initiatives, while also maintaining the day-to-day technology needs of your organization. 

Remember, an effective IT Director or CIO works closely with other departments, creating an essential link between the technology strategy and every other part of the organization. In a time of uncertainty, rampant cyber-attacks, ever-evolving technology, and changing customer expectations, a highly competent IT Director or CIO is a more important member of the team than ever before.

Request Information

Contact us to discuss your current workflow
and infrastructure needs.