1. Hide
Harashima
(@hideh)
Baruch
College
CIS
9001:
Informa=on
Systems
for
Managers
April
23,
2012
2. I
w
cover
a
prac=cal
case
study
of
how
I
was
ill
able
to
shape
the
role
of
IT
from
being
a
disparate
group
into
being
a
business
enabler.
§ Who?
§ Why?
§ When?
§ What?
§ How?
@hideh,
April
23,
2012
3. Who
1990s:
§ Washington
University
in
St.
Louis
§ NY
Medical
College
§ Consul=ng
Firm
(Accenture)
§ CommonMind,
GiSMe
§ Angel=ps,
EarlyBird
Capital
§ 1999
@hideh,
April
23,
2012
4. Who
2001-‐2011:
§ Premier
Research
Group
§ Director
Applica=on
Development
–
Create
new
tech
products
for
the
market.
§ Product
Launches
–
clinical
web
portal,
2002,
IVRS,
2003,
Clinical
Trial
Management
System,
2004
§ 2004,
the
company
divested
its
clinical
trial
business,
at
which
point
I
became
the
head
of
IT.
§ Acquisi=on
period
(8
over
the
span
of
5
years),
responsible
for
integra=on
of
systems,
processes
and
integra=on
of
culture.
@hideh,
April
23,
2012
5. Who
2011+:
§ Return
to
start
up
world
for
product
development
§ The
JAR
Group,
CTO
§ nLy=cs,
CTO,
co-‐founder
Corporate
CIO
turned
Entrepreneur/CTO
@hideh,
April
23,
2012
6.
Tonight,
we’ll
discuss
my
experience
as
a
CIO;
We’ll
talk
about
some
road
blocks
encountered
and
how
we
overcame
them
to
become
a
department
that
led
strategy
versus
one
that
accepted
orders
from
other
departments.
@hideh,
April
23,
2012
7. Why?
Informa=on
Technology’s
role
is
to
provide
the
best
technology
and
support
possible
while
s=ll
sa=sfying
customer
needs
and
regulatory
requirements.
@hideh,
April
23,
2012
8. Why?
This
answers
the
ques=on
of
WHY
we
exist?
Start
with
the
high
level
purpose,
ensure
everyone
understands
this,
then
we
can
drill
down
with
the
more
tac=cal
‘what’
and
‘how’
of
our
department.
@hideh,
April
23,
2012
9. Where
were
we
in
2005?
§ At
this
point,
the
company
had
just
divested
business
to
focus
on
the
core
services
of
providing
clinical
research
services
to
Phamarmaceu=cal
companies.
§ The
economy
was
recovering,
and
the
Board
had
pressed
forward
with
an
aggressive
acquisi=on
plan.
§ Board:
“Do
more
with
less.”
By
the
way,
be
global.
§ I
bought
into
that,
and
our
ac=ons
and
budgets
reflected
this.
I
was
not
in
a
posi=on
to
ask
for
more.
@hideh,
April
23,
2012
10. Where
were
we
in
2006?
§ 500
employees
strong
spread
across
8
physical
loca=ons.
Con=nued
focus
on
providing
the
best
technology
solu=ons
with
what
we
had.
§ Create
an
ac=onable
plan
(Be
proac)ve,
not
reac)ve).
1. We
needed
a
purpose
2. We
had
to
break
down
communica=on
barriers
3. We
needed
an
organiza=onal
structure
that
reflected
our
priori=es
4. We
needed
bemer
performance
measurements
so
we
can
be
accountable
for
our
strategic
projects
§ At
this
point,
I
could
not
ask
for
any
major
capex
items.
I
felt
that
we
had
to
address
these
4
items
before
evalua=ng
how
technology
capex
can
provide
us
with
a
strategic
advantage
over
our
compe==on.
@hideh,
April
23,
2012
11. Key
Learning
#1
Don’t
Underes)mate
the
Value
of
Technology
@hideh,
April
23,
2012
12. Technology
Value
Corporate
Unifica)on
CIO’s
today
face
the
same
daun=ng
task
that
I
did
which
is
bringing
about
unifica=on,
to
par=es
with
en=rely
different
sets
of
expecta=ons.
And
in
understanding
these
expecta=ons
-‐-‐and
their
significance
-‐-‐
the
CIO
takes
on
a
strategic
role
in
the
corpora=on.
He
or
she
becomes
deeply
involved
in
every
aspect
of
the
company's
opera=ons
and
always
has
an
eye
out
to
do
things
in
the
most
cost-‐
effec=ve
manner.
Understand
Data
Flow
IT
pervades
every
part
of
the
corpora=on
and
so
there's
no
aspect
of
the
business
that
a
CIO
can
afford
not
to
understand.
Seeing
from
this
vantage
point
allows
us
to
apply
IT
solu=ons
across
a
unified
field.
@hideh,
April
23,
2012
13. Technology
Value
Back
Office
-‐>
Boardroom
This
is
largely
why
over
the
past
decade
the
CIO
has
moved
from
the
back
office
to
the
execu=ve
boardroom.
Leading
Visionary
The
CIO
is
emerging
as
the
corpora=on’s
leading
visionary,
and
more
and
more
CIOs
are
tapped
by
the
board
to
be
CEO*.
*CIO
Magazine
has
noted
that
requests
for
CIOs
in
the
boardroom
are
outpacing
any
other
func=onal
area.
@hideh,
April
23,
2012
14. Embrace
technology
and
be
not
afraid!
@hideh,
April
23,
2012
16. Communica=ng
Up
Transparency:
I
don’t
mean
public
speaking
or
the
ability
to
write
perfectly.
We
need
to
be
honest
and
not
sugar
coat.
To
C-‐level
execs,
more
likely
than
not,
they
do
not
understand
what
it
takes
to
manage
technology
infrastructure
or
what
it
costs
to
just
keep
the
status
quo.
@hideh,
April
23,
2012
17. Communica=ng
Up
What
does
it
take?
I
communicated
three
main
points.
1. Cost
of
Business:
Applica=ons
such
as
payroll,
HR,
G/L,
AP,
AR,
email,
communica=ons,
network,
website.
These
are
essen=al
IT
areas
to
be
"part
of
the
game."
Without
it,
the
company
cannot
func=on.
Our
job
as
CIO?
2. Blue
Chip
Spend:
The
second
part
of
communica=ng
up
is
conveying
a
clear
plan
of
how
you
plan
on
running
the
business
bemer.
What
the
CEO
doesn’t
want
to
hear.
3. High
Risk
Projects:
This
is
an
area
of
the
budget
that
can
bring
poten=ally
high
returns,
or
losses.
If
you’re
in
an
industry
where
innova=on
is
essen=al,
you
need
to
come
up
with
ideas
that
requires
risk.
@hideh,
April
23,
2012
18. Communica=ng
Down
Leadership
is
a
human
experience.
It
doesn't
happen
on
paper,
with
rank
or
publicity.
It's
earned
when
others
choose
to
follow
you.
@hideh,
April
23,
2012
19. Communica=ng
Down
Daily
Interac=on:
§ Ques)ons
-‐
Ask
many
ques=ons
and
assess
what
success
looks
like
for
them.
§ Failing
is
OK
-‐
Build
up
their
confidence
and
allow
people
to
fail.
§ Con)nuous
feedback
–
everyone
needs
it
but
everyone
responds
differently.
Be
conscious
of
that.
§ Gain
trust
-‐
Without
that,
you
won’t
be
able
to
achieve
a
quarter
of
what
you
want.
@hideh,
April
23,
2012
20. Communica=ng
Sideways
What?
Iden=fy
influencers
in
all
departments
(HR,
Marke=ng,
Business
Development,
Finance,
Opera=ons)
@hideh,
April
23,
2012
21. Communica=ng
Sideways
§ Why
sideways?
As
a
leader,
if
you
can
communicate
your
vision
effec=vely
to
this
group,
they
will
become
your
advocates.
§ Respect
–
Give
and
get
§ Turning
Point
–
To
get
buy-‐in
from
stakeholders
and
Board
members
for
my
vision
of
technology
strategy,
which
shaped
the
business.
@hideh,
April
23,
2012
22. Communica=ng
Sideways
Convey
#1
learning
outside
of
IT
Technology
doesn't
run
the
business,
but
the
business
cannot
run
without
technology.
If
we
can
work
together,
we
can
use
technology
with
your
business
strategy,
and
will
drive
enormous
value.
“Let
me
help
you
succeed.”
@hideh,
April
23,
2012
23. Key
Learning
#3
Gain
Trust
or
You
Will
Fail
@hideh,
April
23,
2012
24. “Trust
has
two
dimensions:
competence
and
integrity.
People
will
forgive
mistakes
of
competence.
Mistakes
of
integrity
are
harder
to
overcome.”
@hideh,
April
23,
2012
25. Trust
What
was
the
best
way
to
do
so
at
the
=me?
@hideh,
April
23,
2012
26. Trust
I
made
myself
be
the
Service
Desk.
For
8
weeks.
Why?
1. To
understand
the
challenges
of
the
organiza=on
2. Get
to
know
everyone
in
the
company
and
to
show
we’re
aligned
@hideh,
April
23,
2012
27. Trust
Results:
1. Expected
-‐
Got
to
know
everyone.
2. Unexpected
-‐
Because
of
new
staff
being
added
through
acquisi=on,
what
typically
happened
with
our
organiza=on
was
that
IT
was
not
well
liked
or
respected.
One
by
one,
I
gained
the
trust
and
respect
by
humanizing
IT.
@hideh,
April
23,
2012
28. Trust
The
Technology
group
started
to
understand
other
departments.
The
dialogue
started
to
shiS
from,
“they
just
want
new
hardware”
or
“They
want
us
to
waive
our
magic
wand?”
to
“how
can
we
work
together?”
@hideh,
April
23,
2012
29. Trust
I’m
not
saying
you
should
do
this
(don’t
do
it)
or
that
this
is
the
best
way
to
gain
trust,
but
in
my
case,
I
learned
a
great
deal
from
it.
The
trust
from
the
user
community
had
great
effect,
but
the
trust
gained
for
my
department
had
an
even
greater
effect.
@hideh,
April
23,
2012
32. Business
Descrip,on
Information
Technology’s
role
is
to
provide
the
best
technology
and
support
possible
while
still
satisfying
customer
needs
and
regulatory
requirements.
33.
Business
Descrip,on
WHAT?
(What
are
the
business
needs?
What
makes
us
unique?)
Ensure
that
our
technology
offerings
provide
a
competitive
edge
in
the
CRO
industry.
▪ Continuous
improvement
of
the
security
posture
of
the
company,
both
physical
and
logical
(security)
▪ enhance
existing
support
offerings
to
reflect
global
operations
(collaboration)
▪ delivery
of
a
true
disaster-‐resilient
system
(business
continuity)
▪ reducing
long-‐term
costs
across
all
technology
systems
(efficiency)
34.
Business
Descrip,on
HOW?
1. People:
Develop,
train,
and
retain
personnel.
2. Process:
a) Liaise
between
the
business
and
technical
sides
of
the
enterprise
in
a
practical
manner
to
solve
problems.
b) Define
and
translate
business
goals
and
strategies
into
systems
expectations
and
deliver
a
portfolio
of
technology
projects.
c) Utilize
the
latest
technologies
and
processes
used
in
the
industry.
3. Performance:
Ensuring
our
primary
focus
remains
on
customer
satisfaction.
36.
Business
Descrip,on
Technology
Personnel:
• xx
full
time
employees
(1
contractor
FTE,
1
temp)
• Voluntary
turnover
rate
in
2009:
3.4%
• Voluntary
turnover
rate
in
2010:
7.6%
• Voluntary
turnover
rate
in
2011:
0.0%
• Average
number
of
years
technology
experience:
16
years
(range
10-‐25)
• Average
tenure
with
[redacted]:
7
years
NB:
Turnover
is
equal
to
the
number
of
employees
leaving,
divided
by
the
average
total
number
of
employees,
multiplied
by
100.
The
number
of
employees
leaving
and
the
total
number
of
employees
are
measured
over
one
calendar
year.
37.
Business
Descrip,on
(Systems)
We
support
##+
regulated
systems
and
##+
enterprise
systems
on
a
day
to
day
basis
ranging
from
corporate
email
to
global
data
management
platforms
to
financial
systems.
Of
the
###
servers
in
our
inventory:
• ##%
Enterprise/Corporate
• ##%
Biometrics
Operations
(not
including
ITCS)
• ##%
IT
systems
• ##%
ITCS
• ##%
Finance
• ##%
Clinical
Research
Centers
• ##%
Other
38.
Business
Descrip,on
(Systems)
System
name
and
version
(partial
list):
• Oracle
Clinical
v
x.x
• Oracle
Clinical
TMS/RDC
v
x.x
• [REDACTED]
39.
Business
Descrip,on
(Systems)
Enterprise
Systems
(partial
list):
• Sharepoint
(Intranet,
SOP
Repository)
• [REDACTED]
• ADP
payroll
42. Business
Descrip,on
(Data
Center)
Collocation
facilities:
[Redacted]
43.
Business
Descrip,on
(Data
Center)
Collocation
Data
Center
facility:
▪ [Redacted]
– Covers
Long
Distance
and
Internet
at
most
US
locations
– Allows
for
a
single
point
of
contact
for
troubleshooting
▪ Located
in
[Redacted]
(##
miles
from
the
[Redacted]office)
▪ ##
locked
server
cabinets
in
a
card
accessed
caged
area
▪ ##
IT
staff
located
in
Austin
have
card-‐key
access
and
cabinet
combination
codes
▪ [Redacted]
provides
the
environmental
safe
guards
while
[Redacted]
owns
and
maintains
the
infrastructure
equipment
44. Business
Descrip,on
(Data
Center)
Physical
Assurances
at
this
facility:
1. Security
2. Power
3. Fire
Suppression
4. HVAC
45. Business
Descrip,on
(Data
Center)
Security:
▪ 24x7
on-‐site
physical
security
– Including
security
cameras
– Monitored
live
with
30
day
digital
backup
– Individual
locking
cabinets
or
cages
– Card-‐key
access
▪ 24x7
monitoring
– Network
Services
– Telecommunication
Services
▪ 24x7
controlled
access
46. Business
Descrip,on
(Data
Center)
Security:
47. Business
Descrip,on
(Data
Center)
Security:
48. Business
Descrip,on
(Data
Center)
Power:
▪ Generator
– Detroit
750
kW
backup
generator
– 3000
gallon
diesel
fuel
capacity
– 100
hours
of
run
time
– Same
day
fuel
delivery
– 4
different
fuel
providers
– Load
tested
monthly
▪ Uninterruptible
Power
Supply
/
Battery
Backup
– Needed
to
handle
the
power
requirements
while
the
generator
powers
up
49. Business
Descrip,on
(Data
Center)
Power:
50.
Business
Descrip,on
(Data
Center)
Fire
Suppression:
▪ Fike
FM
200
Clean
Agent
Suppression
System
– Covers
entire
1st
floor
w/
dampers
in
each
room
to
contain
fire
and
suppression
agent
▪ No
dry
pipe
or
wet
sprinkler
system
– No
damage
to
electrical
components
▪ Nationally
contracted
Semi-‐Annual
tests
53. Business
Descrip,on
(Data
Center)
Heating,
Ventilating,
and
Air
Conditioning
(HVAC):
▪ Two
22
ton
HVAC
units
and
one
5
ton
HVAC
unit
▪ Temperature
ranges
of
68
to
78
degrees
Fahrenheit
▪ Humidity
levels
targeted
to
50%,
but
fluctuate
in
the
range
of
35%
to
65%
▪ Nationally
contracted
Quarterly
tests
54. Business
Descrip,on
(Data
Center)
Heating,
Ventilating,
and
Air
Conditioning
(HVAC):
55. Business
Descrip,on
(Data
Center)
Heating,
Ventilating,
and
Air
Conditioning
(HVAC):
65.
Business
Descrip,on
(DR/BC)
Disaster
Recovery/Business
Continuity
summary:
▪ Ensure
site
to
site
replication
of
data
for
critical
systems
▪ Perform
quarterly
restore
tests
from
backup
tape.
▪ Build
automatic
failover
where
possible
for
the
circuit,
networking
devices,
storage,
and
servers:
– Network
Fault
Tolerance
built
into
the
architecture,
which
allows
for
seamless
failover
if
a
network
equipment
fails.
– Data
Storage
Fault
Tolerance
built
into
the
architecture.
In
the
event
of
a
disk
failure,
the
systems
and
its
data
will
still
function.
▪ Perform
annual
Disaster
Recovery
testing
“Disaster readiness is 99% preparation.”
66. Technology
Group
Op,miza,on
Managing
complexity
&
Achieving
Agility,
Reduce
Cost,
Increase
Efficiency
Where
are
we?
Uncoordinated,
manual
infrastructure
Managed IT
Infrastructure
with limited Managed and
automation consolidated IT
Infrastructure Fully automated
with maximum management,
automation dynamic resource
Usage , business
linked SLA’s
More
Cost Efficient Cost Business Strategic
Center Center Enabler Asset
67. Key
Issues
(Ques,ons)
How
do
each
of
these
issues
map
back
to
the
short
and
long
term
planning?
What
are
the
capex
items
needed
to
address
them?
Questions
we
are/should
be
asking
ourselves:
▪ How
does
IT
achieve
that
agility
while
serving
the
business?
▪ Are
we
using
technology
to
transform
our
business,
or
are
we
just
adding
bells
and
whistles
to
existing
processes?
(Incremental
improvements
in
existing
systems
vs
strategic
changes)
▪ Are
we
ignoring
important
business
differences
as
we
standardize
processes
across
the
company?
▪ Who
is
making
sure
technology
projects
are
prioritized
based
on
service
level
agreements?
▪ Is
data
empowering
staff
or
controlling
them?
68.
Known
Issues
(1
of
2)
1. Limited
Disaster
Recovery
Infrastructure
increases
risk
for
business
continuity
(Risk
Mitigation/Mission
Critical)
2. Network
upgrade
(switches)
and
Firewall
updates
required
in
the
data
center
(Mission
Critical)
3. Lack
of
definition
of
Service
Level
Agreements
(SLA)
for
internal
systems
creates
priority
conflicts
(Risk
Mitigation)
4. End
of
life
PCs
cause
delays
in
client
deliverables
and
no
unified
communication
(Mission
Critical/cost
of
business)
69.
Known
Issues
(2
of
2)
5.
Lack
of
clarity
between
standard
system
implementation
lifecycle
activities
and
computer
system
validation,
resulting
in
inappropriate
resource
distribution
and
extended
timelines.
(Efficiency
Creation)
6. The
circulation,
review,
approval
and
version
management
of
CSV
documentation
is
a
manual
and
cumbersome
process,
adding
significant
time
to
the
overall
lifecycle
and
support
of
the
system
(Efficiency
Creation)
7. Upgrades
and
Changes
are
not
adequately
managed
across
systems
and
departments
causing
potential
validation,
operational
and
system
issues
(Risk
Mitigation)
70.
Market
Opportunity
Strengths,
Weaknesses,
Opportuni,es,
Threats
Helpful
Harmful
(to
achieving
the
objec,ve)
(to
achieving
the
objec,ve)
Internal
Origin
Strengths
Weaknesses
(aYributes
of
the
-‐ Technology
skills
-‐
[redacted]
organiza,on)
-‐ Client
support
-‐
Lack
of
personnel
resources
-‐
Ins,tu,onal
knowledge
-‐
Financial
resources
-‐
Hardware
re-‐use
-‐
Lack
of
SLA
creates
priority
-‐ Collabora,ve
environment
conflict
-‐
DR
for
core
Life
Science
systems
External
Origin
Opportuni9es
Threats
(aYributes
of
the
-‐ Technology
maturing
(VM)
-‐ Loss
of
key
staff
environment)
-‐ Vendor
nego,a,on
-‐ Security
breach
-‐ Compe,,ve
CRO
market
-‐ New
Regulatory
requirements
(slow
to
adopt
systems)
-‐ Compe,,ve
CRO
market
-‐
Vendor
complexity
increases
costs
71. Plan
Outline
Short-‐Term
(next
6
months)
1. Prepare
for
expansion
[redacted].*
2. Implement
Disaster
Recovery
Capabilities
for
[redacted]
(Key
issue
#1)
3. Upgrade
the
connectivity
between
the
switches
and
the
firewall
hardware
in
the
data
center
to
best
support
security
and
decrease
downtime
during
maintenance.
(Key
issue
#2)
4. Define
Service
Level
Agreements
(SLA)
for
internal
systems
to
avoid
priority
conflicts.
(Key
issue
#3)
72.
Plan
Outline
Short-‐Term
(next
6
months)
5. Identify,
purchase,
and
deploy
PC
updates
(Key
issue
#4).
6. Improve
timelines
for
regulated
system
implementation
to
ensure
the
tools
are
made
available
to
maintain
technological
competitive
edge.
(Key
issue
#6)
7. Personnel
Requirements:
e) [redacted].
(Key
issue
#4)
f) [redacted].
(Key
issue
#5,
6,
7)
73.
Plan
Outline
Mid-‐Term
(next
7
-‐
18
months)
1. [redacted]
2. Implement
a
validated
[redacted].
3. Computer
System
Validation
initiatives:
a) Streamline
System
Implementation
and
Validation
Processes.
b) Enhance
Change
Management
and
System
Administration
processes
c) Establish
a
Validation
Service
Offering
(revenue
generating
opportunity)
d) Seek
out
possible
Document
Management
and
Workflow
systems
4. Apply
[redacted],
allow
for
better
internal
collaboration,
and
responsiveness.
74.
Plan
Outline
Long-‐Term
(>
18
months)
§ Deliver
[redacted]
proposal
algorithm
calculations,
forecasting,
projections,
reporting.
§ Implement
[redacted]
(server
based
vs
client
model)
for
improved
speed/performance.
75. Financial
Overview
Key
Expenditure
Request
Summary of Capital Expenditure Request
(grouped by category, ordered by priority)
Security
[redacted]
Back
up
and
Recovery
[redacted]
Disaster
Recovery
[redacted]
Opera,ons
Expansion
and
scalability
[redacted]
Oracle
Clinical
[redacted]
[redacted]
Laptop
Refresh
Project
[redacted]
Network
upgrades
[redacted]
SharePoint
Upgrade
[redacted]
Server
Warrantee
and
support
[redacted]
TOTAL
[redacted]
76. Financial
Overview
Key
Expenditures
[redacted],
percentage
of
the
company’s
IT
operating
budget:
§ Total
staff
labor
(direct
and
indirect),
payroll
taxes
and
benefit:
[redacted]
o Full-‐time
IT
staff:
[redacted]
o Contractors:
[redacted]
o payroll
taxes
and
benefits:
[redacted]
§ Software
costs
(including
new
licenses,
maintenance
fees,
software
subscription
fees
for
software-‐as-‐a
service):
[redacted]
§ Hardware
infrastructure
(e.g.,
purchases
or
leases
of
networking
hardware,
storage,
PCs,
servers,
or
use
of
infrastructure-‐as-‐a-‐service):
[redacted]
§ Third-‐party
IT
services
(e.g.,
consulting,
systems
integration/third
party
development
services,
outsourcing,
hardware
support
services,
and
network
managed
services):
[redacted]
§ Other
(e.g.
T&E,
occupancy
costs,
office
supplies):
[redacted]
Note:
[redacted].
77. Plan
Summary
In
order
to
ensure
that
our
technology
offerings
provide
a
competitive
edge,
we
need
to
invest
in
our
infrastructure
and
people.
The
short
and
mid-‐term
plans
will
allow
the
business
to
have
technology
as
a
strategic
asset
and
increase
productivity
and
profitability.
This
will
require
a
capital
expenditure
of
[redacted]
78. 1. Don’t
Underes=mate
the
Value
of
Technology
2. Communicate
Clearly
Up,
Down,
Sideways
3. Gain
Trust
or
You
Will
Fail
Hide
Harashima
(@hideh)
@hideh,
April
23,
2012