Chief Information Officer

The Chief Information Officer (CIO) oversees IT governance, data management, and information security, as well as the maintenance and enhancement of existing systems to support the organization's day-to-day operations.

Objectives

  • Safeguard company security (e.g. cybersecurity)
  • Ensure visibility of the processes and efficiencies across different departments
  • Manage costs across different processes
  • Drive digital transformation

Challenges

  • Security and data protection
  • Increasing regulatory & compliance requirements
  • Data integrity and systems gaps
  • Finding the best technology solutions
  • Cost control
  • The profile of open source must be raised

Open Source Awareness

  • Recognise OSS as a reality
  • Determine what projects should or should not be open source
  • Educate on the growth in reliance on OSS
  • Understand what peer organisations are doing
  • Understand that OSS is not a “last resort” approach, and may often be the best approach

Open Source Engagement

The CIO's interaction with OSS often involves evaluating its viability, security, and long-term support, as well as ensuring compliance with licensing and legal requirements. This includes the legal implications of usage, such as exposure and license violation conditions. It is also important to understand where the code lives and the risks associated with it, e.g. Log4Shell.

Furthermore, the CIO plays a critical role in guiding the organization's contributions to open source projects, which not only enhances the company's reputation but also cultivates valuable relationships with the broader OSS community. This includes understanding the extent of OSS use in their organisation.

Internal Stakeholders

Calls To Action

  1. Read the Survey Report "The State of Open Source in Financial Institutions"

  2. Watch recorded presentations from the 2022 FINOS Open Source Strategy Forum

  3. Attend the FINOS Member Meetings and OSFF events

Expected Activities

Software Inventory

Software inventory is a precondition to most of the activities involved in OSMM level 2. The first step to licence compliance or supply chain security is to understand what software is in your estate.

Open Source Supply Chain Security

In this article we are going to look at the growing issue of software supply chain attacks via some examples and then look at the emerging field of open source supply chain security: what it is, current best practices, the institutional landscape and emerging legislation.

Further Reading