This document summarizes a presentation by Paul Costelloe of the European CIO Association on technology investment decisions for associations. It discusses embracing digital transformation and gaining support for IT investments. It also covers developing an IT readiness strategy, overcoming investment hurdles, and determining which parts of an organization technology needs to reach. The European CIO Association represents over 900 CIOs across Europe and aims to create a platform for knowledge sharing and provide input to European regulatory bodies on IT issues.

1. HOST SPONSOR
#ACTech15
ORGANISED BY
CIO
CIO perspective: Investment decisions and the future
for technology for Associations
Paul Costelloe
European CIO Association

2. 2
A CIO perspective:
investment decisions and the
future for technology for associations
Paul Costelloe
Technology for Associations June 2015

3. 3
Agenda
 Embracing digital transformation: Creating an IT readiness
strategy
 Overcoming the Associations investment hurdle: nice to
have vs need to have financial decisions
 Gaining senior management and full organisational support
for IT transformation investments for ROI
 Coming out of the silo: which parts of the organisation
does technology need to reach
 Supporting external project management

4. CIO Forum
Sweden
Hellenic
CIO Forum
4
Tübiyad
Turkey
• EuroCIO was created by CIOs for
CIOs in 2004.
• An international not-for-profit
association, registered in Brussels
• Governance by members
• 25 direct members
• 11 National CIO Bodies
• 900+ consolidated members
• > 300,000 IT employees
• 14 European countries
• Consolidated IT budgets in excess
of €150 billion
(*) Co-founder
EuroCIO
CIGREF (*)
France
CIO Platform
The Netherlands
Corporate
IT Forum
UK
CIOforum
Belgian Business
VISZ
Hungary
VOICE
Germany
AICA
Italy
European CIO Association
CIO Club
Bulgaria

5. 5
Services
• Network meetings
• Webconferences & webinars
• Councils
• Surveys & studies
• Governance benchmark
• Monthly newsletters
• Study tours (China)
• Education program:
- Executive MBA
- Professional programmes: Architecture, Security

6. 6
Technology requirements
Digital
transformation

7. 7
Four Councils
 Supplier Relationship Council
 Licencing, product strategy, maintenance - IT vendors
 Cloud Computing Council
 Official stakeholder in E.U., EU Cloud Partnership, ETSI
programmes
 HR and Education Council
 EeSA co-chair, CEN steering committee
 Education Program
(MBA, Architecture & Security Courses)
 Cyber Security Council
 Official stakeholder in EU; ENISA / CERT-EU
Make the
business case
Project
management

8. 8
Key European Organisations
European Cloud Partnership
- Cloud providers and EuroCIO
European Union Network and Information Security Agency
(ENISA)
- Cloud Security & Resilience Expert Group
- Produce guidelines for cloud implementation (Public sector / SME)
Cyber Emergency Response Team (CERT-EU)
- Incident response / threat advisories
Europol
- Cyber criminal investigations

9. 9
Cloud Consultation Project
Consultation on specific key actions of the
European Cloud Strategy with business
users of cloud computing services
Directorate General
Communications Networks, Content and Technology
(CNECT)

10. 10
EC Policies and Standards
• Data Protection - Code of Conduct for Cloud Service Providers
- Cloud Select Industry Group (C-SIG)
• Cloud Computing Certification Schemes Metaframework (CCSM),
complemented by Cloud Computing Certification Schemes List (CCSL)
- ENISA (European Union Network and Information Security Agency)
• Cloud Standards Coordination - Final Report
“Cutting through the Jungle of Standards”
- European Telecommunications Standardization Institute
• Cloud Services Level Agreement Standardization Guidelines
- Cloud Select Industry Group (C-SIG)

11. 11
Governance Frameworks
• Control objectives for Information and Related Technology (COBIT)
• RiskIT / ValIT
• IT Infrastructure Library (ITIL)
• E-Competence Framework / Skills Framework for the Information Age
• Industry-specific / regulatory e.g. PCI-DSS
A common terminology based on recognised standards

12. Protecting assets through intelligence, experience,
training and technology

13. Protection and security, every organisation needs it.
About CIPROS International:
CIPROS International is a Security Vulnerability and Risk Management company specialising in
critical infrastructure protection, defending information systems from cyber-attacks and related
business services.
We provide a comprehensive range of services to meet the needs of our clients, spanning a number
of highly volatile industry sectors, including Energy and Utilities, Sport and Sport Regulation,
Insurance and Financial Services, as well as many others.
Our People:
At CIPROS International, we pride ourselves on the quality, integrity and professionalism of all our
people. Our team of experienced professionals come from trusted, confidential and secure business
operational backgrounds, including Security Services, Police, Military, Legal, IT and Finance.
www.ciprosinternational.com

14. 14
Thank you
And any questions?

15. 15
Board of Directors
Freddy Van Den Wyngaert (Agfa-Gevaert) – President
Ali Malaz - Tübiyad (Turkey)
Sjourd Wijdeveld (Wavin) – CIO Platform (NL)
Peter Braun (OTP Bank) – VISZ (Hungary)
Bruno Brocheton (EuroDisney) – CIGREF (France)
Gloria Gazzano (SNAM) – AICA (Italy)
Joss Delissen (PostNord) – CIO Forum (Sweden)
Thomas Endres - VOICE e.V. (Germany)
Michael Gorriz (Daimler AG)
Christian Pagel (SGL Carbon)
Dario Scrosoppi (Generali)
Peter Hagedoorn – Secretary General

16. 16
Objectives
- Creating a European platform for CIO level and senior IT professionals.
- Sharing knowledge and experience via Councils, webmeetings, papers,
etc.
- Providing information on the Association to the outside world (European
Commission, IT-vendors)
- Creating a coherent, cross-national framework between the national IT-
demand organizations and between them and European institutions or
organisations.
- Lobbying at and assisting European Union regulatory authorities, other
international authorities, academics and public bodies in or outside
Europe.
- Getting organised through Councils or other means at European level.
- Communicating with the media at European level.
- Expanding the activities to those European countries which do not have
an organized IT-demand organization

17. HOST SPONSOR
#ACTech15
ORGANISED BY
www.associationsnetwork.org
www.associationscongress.com