WELCOME European CIO Association General Assembly Brussels 25 Nov 2015
Agenda 08.15Opening; Minutes GA Paris, 17 June Council Suppliers; Dario Scrosoppi 08.25Council Cloud Computing; Cyril Bartolo 08.30Council Cyber Security; Edwin d’Hondt 08.35Council HR & Education; Jean-marc Guiol; 08.40Education Program; EC projects; Paul Costelloe 08.45Added Value Inquiry & TaskForce Advise; Board proposal for restructuring EuroCIO Freddy Van den Wyngaert 09.40Financial results AOB, closure
Supplier Relationship Council Chairman & Board sponsor: Dario Scrosoppi Members : Cyril BartoloCorp. Head of Application, Lagardère (FR) Harald CremerSr IT Manager, ThyssenKrupp (DE) Ian TrimICT Procurement, Nestlé (CH) Luc DelombaerdeCIO, Van de Moortele (BE) Maurizio TerdinaCorporate Centre ICT, Generali (IT) Morten WagnerHead of Global IT Sourcing, ISS (DK) Peter BalCIO, Wabco Europe (BE) Steffen RuisingerIT License and Supplier Management, Daimler (DE) Thomas EberhardCIO, Kontron (DE) Ton ArrachartCIO, Van Oord Dredging (NL) Hervé MouthIT Procurement, Airbus (FR) Robert WanderCIO Office, Linde (DE)
Supplier Relationship Council Year plan 2014 Actions 2014: Strong push on SAP Bring in new suppliers Deliverable 2014: use cases (as indirect access, licenses transfer, etc.) endorsed by SAP. Meeting planning 3x Face-to-face – the first in Barcelona in Q One conference call to prepare each face 2 face meeting
Supplier Relationship Council Achievements 2014 Activity is mainly focused on SW Vendors about: Licensing issues Maintenance conditions Audits Product roadmap Currently 2 main vendors engaged, SAP and Microsoft: 3 face-2-face meetings (Amsterdam and Paris [2]) plus conf-calls for the preparation of the meeting SAP back at the table Re-inforced Microsoft links
Supplier Relationship Council Year plan 2015 Actions 2015: Push on achieving some conclusions with SAP & MS Bring in new suppliers ? Deliverable 2015: Close use cases (as indirect access, licenses transfer, etc.) endorsed by SAP Guidelines on audit process Meeting planning 3-4 x Face-2-face (one with MS, one with SAP WW Head of licencing) One conference call to prepare each face-2-face meeting
Cloud Computing Council (CCC) in 2014 Internal sharing of experience and best practices Through conf calls and meetings Start of a list of Cloud outages (a decision criteria being the history of the Provider) Start of a list of best practices and points of attention per Cloud offer (e.g. O365, SForce) EuroCIO participation to European Commission activities ( ) Definition of the European Cloud Strategy (2014) Corresponding Consultation won by EuroCIO to evaluate the satisfaction of the Cloud Users in front of the European Commission activities ( ) European Cloud Partnership (board member) Cloud Standards Coordination (DG CONNECT & ETSI) SIG Certifications + SIG SLA + SIG Data protection code of conduct (DG CONNECT) Safe and Fair Contracts (DG JUST) WP214 Consultation (WP29) [about international data transfers] Regular meetings with DG CONNECT and DG JUST to voice User’s expectations EuroCIO representation in many other European events (EC or non EC) Chairman: Cyril Bartolo Board sponsor: Freddy Van den Wyngaert
Private Cloud OK, Public Cloud not yet Private Cloud is a great first step keeping control on most things Public Cloud adoption is far lower than expected: not mature enough Gartner 2008: SaaS estimated to 25% in 2011 is now estimated to 10% in 2018… A new CCC deliverable (still gathering comments before making it public) “Obstacles to go Public Cloud and solutions (EuroCIO) v0c” Obstacles to go Public Cloud Contracts are unbalanced and not negotiable Providers not liable for service interruption, data loss, data breach Users are civilly and penally liable Legal compliance (e.g. data protection) are complex to understand and to meet Missing Cloud security certification stamped by the ECommission => Public Cloud is sometimes doable but does require a strong understanding and a very strong negotiation power to limit the risks
Weak Cloud framework to improve But the best IT guys and lawyers can’t really negotiate a Cloud contract due to the weak European legal framework in disfavor of the Users => Enterprises should dedicate a few time to lobby/voice User’s expectations If not the laws will remain in favor of Cloud Providers and the Users will continue to be at risk: we should not let others define our Cloud future For that, punctual time from Experts are needed in some domains: Standards and certifications Security Data protection Cloud contracts SLA & interoperability & reversibility
Council CyberSecurity Chairman: Edwin D’Hondt Board sponsor: Christian Pagel Council members : Ad Krikke, CISO, DSM (NL)Joss Delissen, CIO, POSTNORD (SE) Alf Moens, CISO, SURF (NL) Andreas Gaetje, IT Security, GENERALI (IT)Matthieu Boutin, Mission Director, CIGREF (FR) Bruno Chenet, Head of ICT-Security, AIRBUS (FR) Ove Bristrand, Cloud & Security Advisor, DFS CIO FORUM (SE) Christian Meyer, CISO, SGL CARBON (DE)Petros Theodorakis, CIO, DESFA (EL) Edwin d'Hondt, VP Enterprise Architecture & Infrastructure, UMICORE (BE) Sofia Moilinou, IT Security, INTERAMERICAN (EL) Jan Wessels, Information Security and Risk Management, RABOBANK (NL) Steffen Siguda, Corporate InfoSec and Data Protection Officer, OSRAM (DE) John Petersen, Group IS/IT Security, NESTLE (CH) Wim Hafkamp, CISO, RABOBANK (NL) Joris Van Herzele, CISO, UMICORE (BE)Wim Sonnemans, IT Security Architect, ASML (NL) Joseph Mager, CISO, NS.NL (NL)
Council CyberSecurity November 2014 Deliverables 2014 Organize the council Realize major corner stones We defined for EuroCIO network the mission statement on Cyber Security We defined a template-framework to structure the Cyber Security scope Governance and Legislation Incident Management and Awareness continued communication Business monitoring and Maintain platform of trustees Establish Master Class on Cyber Security We defined with PDB and Paul Costello the content and set-up We will start Master Class as of January 2015 Link to European Commission We developed and maintain interface with EC and EC-CERT
Council CyberSecurity November 2014 Plan 2015 Optimize the template-framework We will update the content together with the project team of the World Economic Forum (WEF). A one-day seminar is planned for early 2015 at the company DSM. Invites will go to our council members / EuroCIO members and WEF delegates. Hereafter we will by priority enrich the topics within the template-framework. Enrich content of Master Class on Cyber Security Improve two-way communication with EuroCIO network members Structurally formalise the information sharing with direct members and National Bodies
HR&Education Council Chairman: Jean-Marc Guiol Director of Education program: Paul Costelloe Board sponsor: Christian Pagel Members : Costelloe, Paul EuroCIO (UK) Degli Esposti, Fabio SEA Milano (IT) Delissen, Joss PostNord (SE) Gran, Inger DFS CIO Forum (SE) Hecker, Christoph Voice eV (DE) Kerteszne Gerecz, Eszter VISZ (HU) Lau, Frederic CIGREF (FR) Pagel, Christian Thyssen-Krupp (DE) Staudinger, Bernd Daimler (DE) Sulliga, Peter Bayer (DE) Van den Wyngaert, Freddy Agfa-Gevaert (BE) Vogd, Foppe CIO Platform (NL)
Design of an approach to increase participation and bring value to participants E-leadership Journey, first draft in May with a limited group of participants Approved by Eurocio Board in June Decision to launch the initiative during the annual conference (workshop #5) EuroCIO participation to European Commission activities CEN/WS ICT Skills meetings European commission projects GUIDE: ownership of 3 curriculum profiles Secretariat of the Grand Coalition: Dissemination of Digital Agenda activities Intraprise: Promotion of entrepreneurial activities within organisations HR&Education Council
e-leadership curriculum profile Innovation & Transformation through ICT
e-leadership curriculum profile Business & Enterprise Architecture
e-leadership curriculum profile Information Security Governance
Executive Education Programme Professional Programme in Business and Enterprise Architecture Cohort 2 commenced Executive MBA Nyenrode TU Munich Master Classes in Information Security Management January 2015 launch Feedback from customer survey
HR&Education Council Year plan 2015 Actions 2015: Nominate a project manager Deliver first actions derived from the workshop through webinars (x3) and council meetings (x2) Follow-up on EC projects