David Nicholl, CIO and CTO, Government of Ontario, Canada
Q: Ontario is considered a leader in e-government. Can you give some examples of why?
A: "
Seventy percent of our services are now available at ServiceOntario. Address changes for multiple government programs from a single interface, birth, death and marriage certificate applications, and vehicle registration renewal are all available online, with more services planned.
Web 2.0 represents important changes for the future of government interaction with citizens. Many governments are evaluating these technologies, but few, if any, use the range of tools we do. We use wikis, blogs, microblogs, audio and video podcasts, mashups, social networking, social bookmarking, tag clouds, RSS and virtual worlds.
For instance, our Youth and New Professionals Secretariat conducts a Job Fair in Second Life; the Ministry of Citizenship and Innovation used a Facebook group to recruit young people for its ChangeTheWorld: Ontario Youth Volunteer Challenge; and BizPal, a partnership between the federal government and municipalities, lets business owners quickly compile a customized list of the permits and licenses they need. We're committed to giving our clients and citizens simple, accessible, transparent and accountable services, and providing better value to Ontario taxpayers.
"
Dan Lane, CTO, Merchant Link
Q: Payment Card Industry (PCI) Standards were changed on Oct. 1, 2008. As a credit card payment gateway, what adjustments did Merchant Link make to adapt to the new standards?
A: "
We've approached security as something we need to do to protect our customers and our business first -- and then make sure we stay compliant with PCI and industry standards. In many areas, we practice what we preach to our customers by exceeding PCI compliance so we won't have to implement significant changes to meet revised standards. Specifically, we move data off and away from servers, educate our clients and employees about credit card security, encourage them to create a crisis plan, and make sure their vendors are equally compliant.
Most of the recent PCI changes clarify existing standards. They should make it easier for IT people to interpret the requirements. For example, there is new language that better defines network segmentation, to limit the scope of access to sensitive cardholder data. It's critical for us to keep improving our security measures in advance of mandates from PCI or other standards organizations.
"
Lior Blik, CIO, Hoboken University Medical Center
Q: At Hoboken University Medical Center, the CIO is hired as a consultant. How does being a consultant affect your relationship with other C-level executives and department heads at the hospital?
A: "
As a consultant CIO, I can draw on outside resources and offer my knowledge of business processes from other verticals. I can deliver results that fulfill the financial aspects of C-level executives' needs.
I also have a positive relationship with employees in the different departments. They know I have no other agenda but to drive results -- that is my job. This understanding creates a sense of freedom when dealing with employees' IT requests and projects the confidence that I will deal with their problems. At the end of the day it's a job with business goals, but there's a human element that makes the relationship with those at HUMC that much stronger and more meaningful.
"
Dave Wagner, CIO and Senior Vice President, ON Semiconductor
Q: Earlier this year, your company completed its merger of AMIS Holdings Inc. How does that affect the IT department? How do you bring together disparate technologies?
A: "
We're merging two different ERP systems, AMIS's SAP system into ON Semiconductor's Oracle instance. There are differences in business process practices, but where the rubber really hits the road is where data is different. You run into terminology issues, and issues around different levels of data quality and validity checking.
One of the most important things to do is to quickly identify the key subject matter experts in business processes and systems from both companies -- and get them in the same room. They need to start talking through these issues to rapidly reach an agreement about how to move forward. Remember that the faster we can integrate systems, the faster our combined company can realize the full benefits of the merger. Working things out face-to-face is critical to that timing.
"
Ken Silva, CTO, VeriSign Inc.
Q: How have factors like VoIP, Internet video, SaaS and mobile computing affected the amount of data that must travel over the Internet? Is data growth threatening to affect user experience?
A: "
Data transaction rates are skyrocketing and show no signs of decelerating. In 2000, the ".com" and ".net" systems -- which VeriSign operates -- received 1 billion daily requests for information; today they receive more than 48 billion requests. Internet video and VoIP are among the key drivers for this increase. YouTube's traffic today is equivalent to that of the entire Internet in 2000. VoIP subscriptions are expected to rise from 16 million in 2005 to 55 million in 2009.
With all of this new demand for bandwidth, some folks fear the Internet's going to "break." To make sure this doesn't happen, we're increasing the capacity of the DNS infrastructure 10 times by 2010, pushing capacity from 400 billion DNS queries per day to 4 trillion, and pushing speeds from 20Gbps to 200Gbps. This effort, named Project Titan, includes bringing more resolution sites online globally and refining our systems, operations and processes worldwide.
"
Nick Coussoule, CIO, BlueCross BlueShield of Tennessee
Q: You came from outside BlueCross BlueShield of Tennessee to step into the CIO role. What are the biggest challenges of taking over IT leadership when you didn't come up through the ranks?
A: "
Coming from outside the organization means having to prove you are not only knowledgeable about the technology component of your job, but that you understand the business. This means getting in front of business and operational leadership, asking questions and learning as much as you can about key business issues.
With IT staff, the major challenge is to build trust. As with any outsider, the first concern from the staff is "What's going to change and how will it impact me?" This is best addressed through frequent and direct communication with the IT leadership team and the staff. It means listening to your team for a better understanding before making rash judgments. It means saying what you are going to do and then doing it consistently. And perhaps most importantly, when you come from outside, there is a tendency to focus on the challenges. Though it is absolutely necessary to address these, you must also remember to recognize and reinforce the positive actions and efforts of your team.
"
John Charleson, CIO and Director, Supply Chain Management and Information Technology, Longo Brothers Fruit Market Inc.
Q: How much difference can inventory management make to a retail chain's bottom line?
A: "
Understanding the bottom-line impact of inventory management applications requires understanding the solution's effects on several P&L items.
In sales, perpetual inventory plus accurate demand forecasting allow optimization of sales opportunities. Sales can increase significantly if the business was not previously using advanced methods to forecast inventory.
In cost of goods sold (COGS), applications let users review granular demand projections for the coming year and take advantage of vendor deals. An issue we see in retail is under-purchasing for a promotion, then over-purchasing the product when it runs out during the promotion. The result? Higher COGS and forced price reduction to move excess product and avoid spoilage. Inventory management creates better projections and accurate ordering, allowing users to reduce COGS.
In operating expenses, the effect of inventory management is a toss-up. Applications can be costly. However, those that simplify planning can reduce staffing needs. Consolidating inventory receiving efforts might reduce labor costs as well.
Since the bottom line is driven by all of these, it's pretty apparent that inventory management software can positively affect P&L. Another important benefit is enhanced relationships with customers -- since we have product in stock when they want it -- and with suppliers, as we move to more collaborative planning and provide visibility to our forecast.
"
Claudio Caballero, CIO, WorkshopLive Web site
Q: What are the challenges for a dot-com transitioning to Web 2.0?
A: "
As with anything in IT, there are both business and technical challenges.
The business challenge is to add the community, user-generated content, collaboration and other Web 2.0 features to our site without breaking what already works. This also means making sure our loyal customers are happy with the changes, not annoyed by them, and that the overall user experience improves rather than becomes cluttered.
On the technical side, you need very rigorous project portfolio management targeted against business plans and desired enterprise architecture. Everything you do must solve not only the immediate business needs but add to or improve the infrastructure's capabilities to meet future requirements. Small compromises are unavoidable, but if you find yourself relying on stand-alone solutions, bolt-on workarounds or band-aid fixes, check your premises. It means you are either under-resourced and need to adjust your business plans or taking too narrow a view of your enterprise architecture.
"
Joseph Geretz, CIO, SRSsoft
Q: What are some of the unique challenges to managing IT within the healthcare industry?
A: "
One particular challenge for managing IT within the healthcare industry involves coordination between disparate information processing systems. Doctors are among the most demanding audience of users, insisting on instant access to information which is scattered throughout separate software applications. A solution to this is a hybrid electronic medical record system that is engineered with open path technology providing for maximum extensibility and interoperability. It allows users to directly access external applications and data through one system.
"
Peter Walton, Vice President and CIO, Amerada Hess
Q: What do you think of Broadband over Power Lines (BPL)?
A: "
We consider ourselves a conservative 'fast follower' of technology, unless there is a possible competitive advantage for us to adopt something early. If we perceive such an advantage with BPL, Amerada Hess would need to be convinced that it is reliable, secure, cost effective and environmentally friendly, and then there would need to be a business case for either switching to BPL or for using it in a new startup location. Additionally, we wonder why a power company would invest in building out their infrastructure when the market is already crowded with DSL, cable and the promise of Wimax to come? Most of our locations are in areas with an overabundance of broadband capability today providing last mile connectivity. I suspect this will likely die in the Gartner 'trough of disillusionment' or sooner on the hype cycle curve.
"
Ross Philo, CIO, U.S. Postal Service
Q: The Postal Service has made many product and service advancements that include sophisticated online mailing tools for businesses and automated postal centers. What is the biggest IT challenge to maintaining that online infrastructure?
A: "
The biggest challenges to maintaining the U.S. Postal Service's online infrastructure are its size and the ever-increasing number of visitors who go to the USPS Web site to access its many products and services. These are challenges we are more than happy to have. The Postal Service has had an online presence since 1994. Since 1998, we have launched a number of applications to better serve our customers in an electronic environment, and as a result, the USPS Web site has grown between 18% and 22% annually.
The IT group manages the increased demand on our infrastructure by analyzing growth-rate trends, infrastructure changes and planned events such as ad campaigns and so on. The analysis provides us with the information we need to adjust capacity on a continuous basis and make necessary changes to avoid disruption of service. We have utilized the trend analysis process since 2003 to estimate our growth each year, and we have met the peak demand of our customers. Maintaining performance and staying ahead of demand are key to our online presence.
"
Jack Nelson, Senior Vice President and CIO of Mount Sinai Medical Center
Q: What is the most interesting project you're currently working on?
A: "
The implementation of McKesson's Horizon Surgical Manager system is the most interesting project we are working on this year. It will provide tangible benefits to a wide range of our constituents and improve the efficiency of many operational areas. Surgeons will benefit from the streamlined surgical scheduling process including the ability to view future schedules and request operating room time via the Internet. The availability of real-time patient tracking information will enhance communication between the operating room staff and the surgeons and will allow patients' families to be continuously updated as to where their loved ones are in the surgical process.
Nursing staff in the operating room will be able to efficiently generate all of the required clinical documentation via online data capture. And, the operating room management team will have data analysis tools in hand to quickly and effectively respond to the ever-changing demands of a complex environment and to make data-driven decisions for future planning.
The hospital's bottom line will be improved by automating the capture and transmission of operating room supply and time charges to our patient accounting system and by reducing supply chain costs through the implementation of perpetual inventory in the operating rooms.
"
Eric Goldfarb, CIO, BearingPoint
Q: Hiring and retaining skilled professionals remains a challenge for CIOs. How are you meeting that challenge?
A: "
I would agree that hiring and retaining is one of several burning issues facing CIOs today. In order to meet that challenge, we invest in our people. We also create a very collaborative organization, meaning we encourage people to mentor and learn from each other. We try to make our company an employer of choice, so we value diversity. Ultimately, at the end of the day, we try to create an environment within the IT organization where an employee can't think of a better place to work. In order to do that, you need to focus on training and development, compensation, benefits and the whole work-life balance.
We do a class for employees at Yale: a one-week session that we provide for people to help them improve management skills and leadership skills. I do send people on my team to it, and it's a big deal.
You want to make sure you are competitive with the marketplace. You want to create career paths and reward your best employees.
"
Will Weider, CIO, Ministry Health Care and Affinity Health System
Q: What are the main reasons IT projects fail?
A: "
Unfortunately, I have had many opportunities to collect this data. It is a frequent topic on my blog. Reasons include incomplete technical analysis, poor vendor performance, bad process re-design and lack of a capable business champion. But the primary reason for project failure is poor planning.
Every project should have a detailed plan that identifies the tasks, task relationships and the resources required. Whenever someone comes to me with a high-level plan in a spreadsheet, I know the length of the project will double when a real plan is completed.
A poor understanding of the project's expected benefits is another form of poor planning. I believe projects that don't clearly define business benefits are failures before they start.
"
Larry Moran, Executive Vice President - Chief Information Officer, CommonHealth
Q: What are some of the unique challenges to managing IT within an ad agency?
A: "
The unique thing about advertising agency technology is that sometimes it enables the work, while at other times it is the work. We need to balance delivery of core technology services to our traditional agencies with support for our digital agency that does Web development and digital video production. Along the way, we are also a service department within a service business. We need to ensure that our business users have the tools they need to make their clients happy and that CommonHealth has the tools it needs to stay profitable and efficient while they do it. If we do our job properly, we can influence how our agency delivers work today, and what form the work will take in the future.
"
Craig Bickel, CIO, Lawson Software
Q: What is the biggest challenge to overseeing the IT issues for a global organization?
A: "
Perhaps the key IT challenge in a global organization is managing the tension between running the business while providing the foundation for new business models. As companies globalize functions and processes, moving to shared services environments and standardizing processes and service delivery globally, the IT function must provide common, integrated services to support the organization. While this transformation is happening, the IT organization also has to support legacy environments and operations, which can consume more than half of available resources. This often feels like changing the wings of a fully-loaded cargo plane in midflight. Success hinges on management commitment and involvement, flexible staffing and funding models, and a committed and motivated organization. Difficult? Yes. But it must be met if global companies are going to realize the benefits of scale and scope that their size should provide.
"
Bob Green, CIO and CPA.CITP, insync Information Management, LLC
Q: Is regulatory compliance still a major issue for CIOs?
A: "
It's absolutely a disaster right now. Companies are trying to deal with records management in order to get the information in the hands of people who need it most and also remain in compliance with things required by law. There are other regulatory pressures beyond Sarbanes-Oxley and HIPAA. Email security and archival destruction procedures as well as the Federal Rules of Civil Procedure, which call for availability of information for a litigation matter, are also a factor.
It's all-encompassing. The concept of information and records management gets more pervasive every day with the use of email and Blackberrys. That's really hard to do. Information management isn't just about the CIO job. It's a bigger issue than IT. It's what is important to Finance and to the executive branch as well and should involve both the CFO and the CEO. It is their fiduciary responsibility to protect their assets.
"
Tim Toews, CIO, Office Depot
Q: What challenges do CIOs at global organizations face this year?
A: "
CIOs at large, global companies like Office Depot will be facing a number of challenges over the next few years. But with those challenges come a number of opportunities for positive change and growth.
The top challenges that I see CIOs having to conquer are alignment to business and speed to market with IT solutions; delivering IT solutions at an appropriate cost and that we consistently meet our expected ROI; understanding the importance of security and of course compliance; motivating associates and offering them opportunities to develop their skill sets and work with new and innovative software; globalization; complexity of systems; and stability, where IT needs to be dependable and deliver stable and available platforms.
"
Greg Buoncontri, CIO, Pitney Bowes
Q: How do you manage IT priorities in a weak economy?
A: "
It's about alignment and governance and setting priorities. For the most part, IT organizations have been efficient with their spending, but deciding which investments should get precedence over others and how you govern and stay aligned with your business partners can be a challenge. There's always more demand for IT services than there is manpower or financial capacity to fulfill it. That's the reality of the IT industry, whether you are in flush times or lean times.
We try to balance the company's priorities. You are constantly juggling. All the constituencies can't be served.
There's internal governance which consists of trying to get business cases built for IT investments. Your workforce isn't fungible. If your priority has been sales force automation systems for three years, and the next two years the priority is the supply chain, it's not easy to shift the resources into that other discipline. The skills may be different; the technology is different. It's hard to deal with these very steep, cyclical changes. You wind up training, hiring and looking to third party providers to assist you.
There has to be a good governance mechanism, and you need to communicate to key stakeholders outside of IT so they understand the way decisions have been made and the way priorities have been set. If priorities are well understood by the company, they get it. If you don't have alignment in the organization around priorities, there are going to be groups who feel they are not being supported which leads to dysfunctional behavior and IT becomes a block.
"
Martin Trzaskalik, CIO, cleverbridge
Q: How are you dealing with the current spam and security threats within your organization, such as botnets, phishing, spoofing, spyware and the like?
A: "
Cleverbridge employs two strategies to protect both its internal office environment and its service platform from attacks. First, we have securely configured our infrastructure, making sure that all of our systems are hardened, all the latest available patches and up-to-date anti-malware tools have been run or installed, and we only grant access rights that are absolutely necessary. Equally important, or perhaps more so, is our second strategy: user education. Phishing attacks initially were successful because they hit an unprepared and uneducated audience. This is essentially true for every emerging threat. Ensuring that the technical staff, as well as all company employees, is familiar with new threats is a key to successfully thwarting attacks. It's about being proactive versus reactive.
"
Ken Fell, CIO and Vice President of Information Technology, New York Independent System Operator
Q: Is NERC making energy IT better?
A: "
No. The only thing NERC is doing is putting security standards on us. We have lots of agencies that give us security standards and none of them are quite the same. That costs me something. It becomes a resource issue. We don't have any issue with the standards. We're trying to figure out how to provide the documentation required. How do I stay compliant with all of them and still maintain a budget and level of resources to be able to do it?
Security is a big deal, but that doesn't necessarily make me better at what I do. That's a critical component, but does it help me be more efficient and have a quality product? That's not even in the game.
"
Matt Ebaugh, VP- CIO, Silvercross Hospital
Q: There is often a big challenge in adoption of electronic medical records (EMR) technology among physicians. What is at the heart of this issue?
A: "
There are three reasons why physicians are reluctant. There's the price versus benefit issue. Physicians want to know what the value equation is.
The second is about changing the process of how they have been practicing medicine. Physicians who've gone through their residency with EMR are more likely to accommodate the adoption of EMR.
The third reason is a little more controversial, and it's the unspoken one. It is the fear of privacy concerns and data sharing. There is unfortunately a great ignorance on all our parts on what the Health Insurance Portability and Accountability Act (HIPAA) is and is not.
Banking solved the problem by putting in the Federal Deposit Insurance Company (FDIC). The federal government needs to drive that fear out of the medical community. The fear is real. Having gone through governance structure with physicians, I can tell you it's real. The great irony is that the old processes are much more non-private and insecure today.
"
Mark Zielazinski, CIO, El Camino Hospital in Mountain View, Calif.
Q: Is the electronic health records (EHR) approach the Holy Grail in healthcare IT?
A: "
I think it is. It's what everybody has been talking about, and I've been in health care since 1980. Here at El Camino Hospital, we've had physician order entry and results reporting since 1971, and all our pharmacy orders are done electronically, with no transcription. Although we've done some interesting things, I'd say we're still fairly far away from electronic records. I think the technical problems are easily resolved, but it's impossible to achieve because of security requirements. A national identifier for patients is a sociopolitical issue.
"
Steve Lapekas, CIO, Pegasus Solutions Inc.
Q: Which skill set is hard to find in an IT employee?
A: "
In my role at Pegasus Solutions, I've found the most important yet hardest skill to find in an IT employee is advanced problem-solving skills. In our industry, we offer and work with technology to simplify tasks and business processes for hotels, travel distributors and travel agencies, which are brought together through an underlying complexity. An employee should one, understand the end-to-end process; two, isolate problems; and three, resolve issues in a dynamic environment. Our company is the global leader in providing reservations, distribution and commission processing technology. With a global presence, eager competitors, and so many products and services, it's key we find the right talent to not only "get it," but also continue to make it the best.
"
William Gruszka, CIO, Southern Polytechnic State University
Q: Are there unique challenges for you in overseeing IT at a university that specializes in science and technology?
A: "
There certainly are unique challenges. The primary challenge is managing user expectations, and it manifests itself in two different ways. The first is that at SPSU we use technology to teach technology. That creates an environment where the technology has to work. At more traditional universities, if the technology does not work, the professor can fall back to another method of teaching. At SPSU we have "hands on" technology in many of our classes and labs. If the technology does not work, the class cannot go on.
The other challenge of user expectations is that as a science and technology university, we are expected to have the latest and greatest of technology at all times. Further, we have a high concentration of faculty who are very technologically savvy, which tends to magnify the situation. With the economic challenges facing all of us in higher education, meeting these lofty expectations is a continual struggle. We are forced to take a creative approach to investing in technology, while providing all of the services that our faculty and students need and hopefully most of the services they want.
"
Jeff Huegel, Chief Security Officer, USi
Q: How do new regulations and laws concerning electronic document retention impact your organization?
A: "
Organizations, ours included, are faced with conflicting requirements in the area of document retention. In the balance are laws and regulations that increase requirements for document retention vis-à-vis costs of storage, costs of security, and increased administration. In addition, companies need to be concerned about aspects of liability and discovery of long-term record retention. To strike the proper balance, we review and accommodate legislated requirements and develop or modify our company policies to meet the regulations in the most cost-effective manner. Then, the important element is consistency of policy enforcement. To manage liability and discovery risks, policies must be effectively and consistently implemented. Compliance with published policies is key to all aspects of effectively managing document retention requirements.
"
Bernard F. "Bud" Mathaisel, Senior VP and CIO, Achievo Corporation
Q: What is the biggest challenge for you as a CIO in integrating analytics within your organization?
A: "
Data sourcing is my primary concern. Even the most capable analytics engines will produce meaningless analytics if the source data are wrong. Achievo has three major sources of operations information: our enterprise resource package, which contains the transactions and financial audit trail for the outsourcing work we do; our customer relationship management system; and our project management system, which contains workflow and details about how we execute to client engagements, most importantly those that involve onshore and offshore coordination.
The challenge is to pick the data elements out of each of these systems that are relevant to a particular set of analytics. We must further ensure that these elements are properly posted into our data model and that they accurately reflect the situation under analysis. If we want to know revenue and profitability for a specific set of customers that have come to us through our prior work and relationship with those clients, we are going to need access to all three of the source systems. Management must ensure that the data are accurate and reflect a view of the information that is relevant to the analysis, such as in the last six months, for example.
Because these are the capabilities that we sell outside the company, I have tools at my disposal to source the right data at the right time into a data model that can be used to create an effective business intelligence dashboard.
"
W. Hord Tipton, CIO, U.S. Department of the Interior
Q: What are some of the biggest IT challenges you face?
A: "
Keeping up with changing technology can be difficult, as well as communicating the need to adapt to our department's culture. A lot of it is really about getting the other employees to understand how important information technology is to their day-to-day operations. Public sector workers are much more resistant to change than their counterparts in the private sector.
Also, as a government agency, we have limited resources and often there are tough choices about which IT systems and technologies are most worth the investment, and which will work together best with our existing architectures.
In recent years, network security has become a big issue as well, as we are beginning to recognize the exponential rate of increasing threats.
"
Bill Miller, CTO, XAware
Q: Will a recession be good for open source?
A: "
First, let's make an important distinction between usage and revenue. Growth in open source usage may be somewhat "recession proof" as IT organizations look for ways to get things done without spending scarce budget. But growth in open source company revenues is certainly not. No spending means no spending, including no spending on open source-related services. It probably will be a good time for commercial open source companies to get aggressive and pick up market share on a usage basis, planting seeds that will produce revenue growth later. The inherently lower cost structures of open source business models will help these companies weather the storm versus license model competitors, allowing them to focus on growing adoption instead of cutting heads and reducing expenses.
"
Clark Kelso, CIO, State of California
Q: What can the public sector teach the private sector about IT?
A: "
IT in the public sector has learned a lot from the private sector. But the private sector can also learn from the public sector, where we do IT in a fishbowl. For example, I think that public sector IT has a better grip on its fiduciary responsibility as a custodian of private information. We tend to be more sensitive about observing fair information practices. This certainly can increase the costs associated with data collection and sharing, but public trust is promoted by following these practices. The private sector can be oblivious to these concerns, and that risks a regulatory response. Sometimes, you can do well by doing good.
"
Rob Israel, CIO, John C. Lincoln Health Network
Q: What is your overall strategy for data protection and IT policy enforcement?
A: "
We use a combination of technology and end users' needs to balance out a program that allows them to continue to do their job while protecting electronic assets. Policies and procedures aren't enough. We have to balance it out so that people can still do their jobs.
We need to find out the end user needs and what their processes are. We build security technology around that so we're meeting in the middle.
We don't want anything too restructured or complicated. If that's the case, end users aren't going to use it. We try to keep our policies as minimal as possible and put technology behind that to make sure they're followed.
We also look at the importance of the data and the confidentiality of that data. I'm not going to cry if the word document that has today's cafeteria menu on it gets into someone's hands. If it's patient data, I'm going to take more stringent steps to protect that data. We'll add more layers of security around that tower, rather than build a moat that surrounds the entire kingdom.
"
Stuart Sugarman, Senior Vice President and the CIO for NYU Medical Center
Q: Which will play a bigger role in your IT strategy this year, HIPAA or
A: "
For healthcare, HIPAA has arrived, while Sarbanes-Oxley is threatening to arrive. As such, the three HIPAA regulations of privacy, electronic data interchange and security currently impact all facets of our IT strategy.
Although HIPAA security, the most recent component of HIPAA to become effective, drives specific behaviors for how we protect and use Electronic Patient Health Information (EPHI), it is, for the most part, a series of best practices for IT security. These best practices culminate in a set of IT security policies and procedures surrounding data authorization and encryption, network security and resiliency, user authentication, virus protection, etc. As you can imagine, there is significant overlap between this and many of the components of Sarbanes-Oxley. In our recent outside audit, this Medical Center was measured against a rudimentary set of Sarbanes-Oxley standards; a more rigorous set of standards than previous audits. To me, this is a strong indication of things to come. So while HIPAA figures more prominently than Sarbanes-Oxley this year, Sarbanes-Oxley will not be far behind. However, if you follow strict HIPAA practices, you will be in good shape for Sarbanes-Oxley.
"
Roger Batsel, CIO-VP and managing director of Information Systems, Republic Bank & Trust Co.
Q: What was the biggest challenge in implementing an integrated voice response (IVR) and call center management solution for your organization?
A: "
The biggest challenge for an organization like ours is that we tend to grow organically. So, you grow around the technology and the tools you have. You begin to realize that with call center technology, you don't need to have everyone in one area. They can be distributed. They can also contract and expand depending on our needs at any given time.
The challenge is looking at what you do now and rethinking how you design your support organizations. The challenge is shaking off the way of thinking built around old technology and old thinking. It also requires people being open and receptive to change across the organization. Prepping your organization to be open and receptive to change is really the hardest thing.
"
Dawn Powers, Vice President, Information Security, Prudential Financial
Q: What are some of the biggest issues you deal with in information security administration, and what are some techniques that have proven especially helpful in securing the company's network?
A: "
Prudential Financial has processes in place to continually enhance its security administration. One of the biggest challenges we face is streamlining the administration process. In many cases, a single administration request can generate 50 to 80 transactions within our application suite. We are working to implement Functional Role Basing, which provides individuals with the systems access to perform their specific work assignments. These roles enhance the implementation of automated provisioning tools that provide consistency, create efficiencies, improve quality, and enable proactive monitoring, which in turn reduces risk.
"
Gary Masada, CIO, ChevronTexaco
Q: What is the single biggest challenge energy companies face from an IT standpoint?
A: "
For a large, global organization like ChevronTexaco, IT is not simply a service function; it is a fundamental business enabler. You have to look at integrating technology into every aspect of your business, and that poses significant challenges, particularly in the energy sector. We have to manage the flow of information throughout the company, including managing huge volumes of data coming from remote locations in extreme parts of the globe, typically from highly specialized applications. We also have to stretch beyond the traditional role of IT services to become a partner in our R&D efforts, to create innovative new applications of technology to improve exploration. IT must also manage information flow in a very complex supply chain environment. Last, but certainly not least, we have to ensure we handle data in a way that satisfies complex regulatory requirements.
"
Susan Brennan, CIO, Sierra Pacific Power
Q: What is the key to protecting your system?
A: "
Good planning is essential. We also make sure our protocols are in place and tested, both internally and externally.
"
Jim Dillon, CIO, New York State
Q: Can the public and private sectors work together to achieve better IT? How?
A: "
With a clear understanding of each other's goals, the public and private sectors can work well together. New York State is the size of a Fortune 10 company but we don't always act like one. The public and private sectors have different goals - corporations to earn profits for shareholders and government to deliver constitutional or statutory services to citizens - but we can often achieve them with similar strategies. We can learn from large corporations who have consolidated and standardized business processes across multiple business units to achieve greater efficiencies and savings. We have taken steps in this regard but more still can be done. In addition, vendors need to be aware of our statewide strategies and goals for enterprise architecture. Vendors who are selling products and services contrary to our strategic plans are not helpful to us. But working "together" I believe we can achieve better IT.
"
Paul Schieb, CIO, Children's Hospital Boston
Q: What are some of the biggest information security issues you're dealing with today?
A: "
We are working to protect the desktops from viruses and spyware, but there's also a lot of focus on account management and identity management. Since we're a teaching hospital, we have many physicians coming and going, and we need to be able to manage their accounts as they come and go. We're doing a lot of identity and account provisioning, and automating the account provisioning process so that a manager can simply enter the request and the accounts are automatically created. We're also working on a single sign-on initiative, so that a physician can enter their credentials once and get access to everything they need. Because we have so many people sharing machines and the systems are so integral to patient care, there are a lot of issues in automating it and making sure it's secure.
"
Brian Furumasu, CIO, Bonneville Power Administration
Q: What are the coming IT threats that you're preparing for right now?
A: "
Security is always a threat we have to be vigilant about. I see across the industry the downward pressure to lower costs and deliver all of what a company needs. It's not as much of a threat, but a challenge for us. I am going through a consolidation across IT at Bonneville. We're looking at what we can do differently, do it at a lower cost, and meet the needs of the business and mission of the agency. The most frequently asked question of a CIO is, 'Why does this cost so much?' We're looking at a 25% [budget] decrease over the next two years while still providing and maintaining the same high level of service. I need to be able to provide the same or better services at lower cost.
"
Lisa Schlosser, CIO, Department of Housing and Urban Development
Q: Is IT playing a big enough role in supporting major government programs?
A: "
Government overall has done a really good job in the past four years at improving and focusing on the use of IT and supporting major programs. Citizens can go to the government Web site Benefits and get access to most services the federal government offers -- and in many cases, the services the state and local governments offer online. We're also looking at ways to eliminate redundant systems, to save costs in the way technology is used, and to increase efficiency.
"
Jeff Scime, VP-Operations, SEMDirector
Q: How does your organization use instant messaging (IM) products?
A: "
We are a distributed software organization, with six different offices in the U.S. and Latin America. Instant messaging is widely used within our organization, both for internal and limited external communication. We are heavy users of IM and like the productivity and nature of the communication it provides.
We use it to coordinate our communication with customers. We often find that when we have multiple people on conference calls with customers, IM products allow us to ensure that we are able to coordinate our communications in real time. We can use IM technologies to discuss ways to present information to external parties while the calls are taking place.
In addition, we use it internally. We have an open office environment and many of our technical staff and our services staff use IM to discuss online without contributing additional background noise to an already noisy office. We also use IM for remote communications. We use several different IM technologies to exchange documents, links and communication with our remote offices. Our employees have articulated that they like the flexibility of IM technologies to help them formulate thoughts, exchange information in real time outside of email, and keep the trail of communications that show the evolution of the discussion in a way that email products do not support.
"
Kamal Bherwani, CIO, New York City Department of Health and Mental Hygiene
Q: You are the CIO for three New York City government agencies. What is the biggest challenge for you and the IT team in terms of that breadth of IT responsibility?
A: "
The biggest challenge for me has been to create a model of sustainable IT staffing. While private markets are quite adept at adjusting budgets up and down dynamically, the pace at which this can be done in government is limited. The solution is to create a compelling IT work environment, using the latest technologies. This creates a career path where technology workers learn and grow quickly alongside technology service contractors during the build phase of a project. This allows hands-on learning and has allowed the maintenance of systems to be brought in-house. The turnover rate at all three agencies has turned out to be lower than industry standards. IT professionals who want to do good and have fun have been able to grow professionally, while turning a lower than private-sector salary into a self-investment.
"
Stephen Michaele, VP-CIO, Direct Marketing Association
Q: Are there IT challenges that are unique to a trade association?
A: "
We have many different constituencies we need to support across lines of businesses. We need systems in place that will do things like track complex information and allow our members to find that information. We are creating systems to help us track user interest and interactions that inform how we can help them, what information they need and how we can get that information to them. We have a database that we've built to track those interests. We use various technologies, including Web technology, database technology and CRM technology.
Budgets are tighter in the non-profit arena, so managing IT and prioritizing is very important. It's a continuum. We're not where we want to be; I don't think anyone is. We support a diverse set of businesses including an educational business as well as a foundation. We've got a research arm, as well. Our individual councils are special interest groups that need a way to share information. They have their own Web pages for sharing information. We built the infrastructure that supports that. We're now looking into supporting blogs and social networking software.
"
Gayle Vernon Simkin, CIO, Catholic Healthcare West
Q: What is the most interesting project you're working on these days?
A: "
A project that is not just interesting but also fundamental to our core operations is the CareConnect project. The physician-led CareConnect project, also known as the Enterprise Clinical Information System (ECIS), has a goal to directly and dramatically enhance our ability to provide high quality patient care by providing clinicians with ready access to clinical data and effective decision support tools.
The pilot of this project included: a clinical repository to collect data from multiple sources such as laboratory, transcription, pharmacy and clinical documentation; electronic medical record "organizer" for clinicians; a clinical logic engine to process clinical events and trigger "alerts" to physicians regarding care decisions; and remote access for physicians to access the clinical information from their offices or homes through a secure Internet connection.
The program design is now being augmented with Computer Physician Order entry as well as automation in the area of Pharmacy, Emergency Department and Intensive Care.
"
David J. Farrer, VP-product development, Apangea Learning Inc.
Q: What is the biggest challenge in making your IT organization more business responsive?
A: "
There are several equally important challenges. First, finding and developing qualified personnel are persistent concerns. We have streamlined our interviewing processes and created a mentoring program to address this issue.
Second, communication across functional groups is a challenge in any organization. Implementing a prioritization protocol for business requests has reduced communication overhead and therefore made our organization more responsive.
Finally, the Software as a Service concept is still relatively immature. The result of this is inconsistencies between customer expectations and the service level agreements that an application can realistically achieve. Managing the customers' expectations during the sales cycle and implementing a robust customer service program after the sale have helped alleviate the inconsistency.
"
Joe Oesterling, CIO, Cbeyond
Q: How are you currently handling regulatory requirements?
A: "
We are moving into what I'll call Year Two or Year Three of living in the regulatory environment. It is now about orienting yourself and your team to the fact that this is a part of life.
Regulatory compliance is not an IT project where you complete it and move on. It has become part of embedding that into our IT management process. That's been a focus area of mine and for a lot of my peers. It's one of the things that to realize true benefits, you have to embed it in the organization. It's easy to do it the first time; the real trick is to embed it for the long term.
"
Ed Bell, CIO, ING Direct
Q: As a financial services company, what is your biggest obstacle to better information security?
A: "
I'd address it from three perspectives knowing the demands for more and more data by clients -- both internal and external -- is furthering the challenge.
The first is the security of the infrastructure. A lot of dimensions can be addressed around the infrastructure security, firewalls, user permissions, global and local network coverage. The second area would be around the applications and the consistency provided for data access. Specifically, a data architecture that is comprised of information quality with proactive data profiling, common extract formats, common business terminology that relates to specific data elements and always leverages the information hub for real-time or batch access are key. The opposite of that is having redundant copies of data interpreted in various fashions for a multitude of reasons -- not very indicative of a simplified or efficient environment.
The final is risk management and its oversight to ensure tighter control of the data. Classification of the data, education and awareness of the classifications, accountability by the business for their data and ensuring appropriate user access, management oversight on uses of removable storage devices (USB drives and CDs) and constant evaluation that nothing is getting ignored are becoming more important every day.
"
Rich McNeil, CIO, Boston Software Systems
Q: As a company that provides hospitals with workflow automation software, what should hospitals consider when evaluating these technologies?
A: "
Whenever you introduce one piece of technology, the whole technology fabric of the organization is affected. You'll want to ensure the least amount of disruption to your existing systems and processes. Script development tools allow you to choose the tasks you want to automate without bringing in consultants or vendors.
Match business requirements to functionality. Look for a technology you can use in many different departments, with a variety of applications and systems that will scale to allow automation of simple tasks or complex processes. Interoperability is critical in developing the processes that support major technology initiatives. Interoperability allows you to knit together the applications and systems you're already using and maintain the integrity of your technology fabric.
"
Tony Young, CIO, Informatica
Q: Is Sarbanes-Oxley making IT better or worse?
A: "
It depends on the IT shop you are in. If you are in a shop that has really strong processes and procedures, it shouldn't have been a significant change to how you do business. I think a lot of what Sarbanes-Oxley is doing is reinforcing good practices in your IT organization. Where some shops have found it to be extremely onerous is that they may not have been very strong in process and procedure to begin with.
We do have good processes and procedures in place, but what also really helped us was that the people on our team that implemented it did an outstanding job. The overhead and additional rigor around the initial implementation was material to our organization, but since then we've worked with our auditors and continued to refine our approach and it's worked for everybody. It's become much more manageable within the organization.
"
Dave Leonard, Chief Technology Officer, Infocrossing
Q: How is your company instituting standardization practices across its national network for five data centers?
A: "
We've adopted a "best of breed" model which enables us to select the best tools for each data center process. After reviewing existing software licenses and processes across the five data centers, we picked the best products and integrated them into our proprietary "light" management framework throughout all the data centers.
Leveraging our own management framework enabled us to automate on the tool level and write scripts at the point level, instead of the management infrastructure level. Standardization reduces complexity, uncertainty and mistakes by enabling automation of routine tasks and driving consistency into the remaining manual tasks.
"
Raj Croager, CIO, FASTSIGNS International, Inc.
Q: How does your organization support its different units that have desktop support issues?
A: "
With 500-plus franchisee units in the U.S. and around the world, we've discovered the key to efficiently handling desktop support is being able to see the issue in real-time and solve it, regardless of the franchisee's location. Expecting end-users to fix IT issues themselves is time consuming and frustrating for all involved. To overcome this, we use a remote support tool from NTRglobal called NTRsupport that allows our technicians to either share or take control of their desktop in order to fix their IT issues, thereby reducing the time and cost required to support our franchisees.
"
Michael Spears, CIO and Chief Data Officer, National Council on Compensation Insurance, Inc.
Q: What is your strategy of protecting the security of data?
A: "
Managing the nation's largest database of workers compensation insurance information is a commitment that NCCI takes very seriously. Information security is a top priority for us. Our strategy is multi-pronged. From an IT perspective, we stay up to date with the latest security technology such as firewalls, network security, vulnerability tests, penetration tests, application scans of Web-based code, laptop data encryption, password reset strategies and so on.
However, this is not enough. We also focus on the human side of security and closely monitor social engineering trends to guard against anyone gaining access to data they shouldn't have. Finally, we voluntarily submit ourselves to rigorous auditing by both in-house and outside parties to ensure we don't have any loopholes in our strategy.
"
David Barley, Chief Technology Officer, Casdex, Inc.
Q: What is your biggest IT challenge?
A: "
As a digital archive firm that caters largely to small and mid-sized businesses, our main IT focus at Casdex is storage management. With multiple data centers located in various geographical locations, it's always a challenge to ensure that we keep up-to-speed with our timelines and space availability on our servers for our clients. Without doing so, we would lose our competitive edge.
"
Larry Lotenero, CIO, University of California, San Francisco, Medical Center
Q: Which will play a bigger role in your IT strategy this year, HIPAA or Sarbanes-Oxley?
A: "
For us, it's HIPAA, but our security efforts extend well beyond that into the use of outpatient information and research. Throughout our organization, we make sure the capture and use of data is handled in a way that keeps the data secure, appropriate, and handled accordingly. Our work here is very much push and pull: In a research environment, we need to have information available to other scientists and medical centers, for research and collaboration purposes. But we also need to keep our system very secure. This presents quite a few challenges.
"
David Wennergren, CIO, Department of the Navy
Q: Can the public and private sectors work together to achieve better IT?
A: "
The strategic partnership between government and industry is absolutely crucial and the places where things work the best are where government and industry work together. The success of the Navy/Marine Corps intranet comes from a performance-based contract where we tell our private-sector partners the results we want to achieve and give incentive payments if they are able to exceed our expectations. The idea of performance-based contracting is powerful, and it brings together government and industry as strategic partners. We take advantage of all the great talents and intellects out there to help us get the mission of the Navy/Marine Corps done.
"
Ken Orgeron, CIO, Gardere Wynne Sewell LLP
Q: How does the possibility of natural disasters impact your organizational disaster recovery and business continuity plans?
A: "
The possibility of natural disasters is a key focus when designing a Business Continuity/Disaster Recovery Plan. Each part of the plan must be approached differently. The BC Plan focuses on long-term recovery, where the DR Plan will focus on the short-term impact immediately after the natural disaster.
We have offices in Dallas, Houston, Austin, and Mexico City. The threat of a hurricane in Houston triggers the activation of both plans, allowing the office time to prepare. However, if a tornado hit Dallas there might be little time to enact the DR Plan before disaster struck. We would have to rely heavily on our detailed BC Plan as destruction could be extensive.
Given this scenario, Gardere has developed, and is continuously refining, the BC/DR plan to ensure minimal interruption in the services we provide our clients.
"
Nicole Spelhaug, Chief of Product Development, Mayo Clinic
Q: What is the most interesting project you are working on?
A: "
We're evolving an integration strategy between claims, pharmacy, and lab data with the kind of information tools that we provide to help people manage their health. So as areas of need are identified through a health risk assessment, we can integrate that with health management resources that we provide and the claims data that another partner of ours might supply. We're offering interactive programs and tools to help Fortune 500