Sarbanes Oxley Compliance Kit
The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.
Sarbanes-Oxley Section 404 requires that:
- Enterprises have an enterprise wide security policy;
- Enterprises have enterprise wide classification of data for security, risk, and business impact;
- Enterprises have security related standards and procedures;
- Enterprises have formal security based documentation, auditing, and testing in place;
- Enterprises enforce separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide update to reflect what your vendors need to do (all editions);
- Software tool to monitor key data files (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
- IT Service Management Template (Platinum Edition).
The Disaster Recovery Plan (DRP) template can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.
The 220 Internet and IT Position Descriptions are in Word for Windows format. Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.
The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms with ITIL.
The plan is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirement. The Safety Program was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).
Sarbanes-Oxley Issues and News
Disaster Recovery Planning & Business Continuity Planning Quick Action Steps Defined - May 2nd, 2016
- Distribute the disaster recovery and business continuity plan or a HandiGuide® to all decision makers and key operating employees who will need access to it when the event occurs.
- Define the chain of command with a single leader, but do not limit the people who would have to implement the disaster recovery business continuity plan when the event occurs if that leader is unavailable.
- Conduct frequent tests and address all areas where shortcomings are found.
- Conduct the tests in an unannounced mode.
- Validate that mission critical data is at sites other than the primary data center.
- Establish a communication plan that can be implemented after the disaster.
HandiGuide is a Janco Associates registered trademark
Top 10 Cloud SLA Best Practices - April 11th, 2016
- Define SLA roles and responsibilities for the enterprise and cloud providers
- Define key terms
- Define specific identifiable metrics for performance by the cloud provider
- Specify how and when the enterprise has access to its own data and networks
- Specify specific SLA infrastructure and requirements methodology
- Provide for disaster recovery and continuity of operations planning and testing
- Describe any applicable exception criteria when the cloud provider's performance measures do not apply
- Specify metrics the cloud provider must meet in order to show it is meeting the enterprise's security performance requirements for protecting data
- Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met
- Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures
Full employment states picture improves even more - March 25th, 2016
The states which are in "full employment" continue to improve to the point that there are some labor shortages in those markets.
The Chief Data Officer - CDO - is it a new C-Level job or not? - February 17th, 2016
The Chief Data Officer (CDO) is responsible for a company's data-management initiatives: everything that has to do with information quality, information management, information strategy and acquisition. That is not the same as the chief digital officer, whose focus lies more on digital transformation and a company's efforts toward that end.
It's the chief data officer's job to assume responsibility for all data, while the CIO retains control over all things associated with infrastructure and implementation.
There are now 273 IT Job Descriptions available that have been updated to meet the latest compliance and new technology requirements. The HandiGuide can be acquired in MS WORD and/or PDF format. In addition we provide the option to get updates and free custom job descriptions.
The job descriptions that we have added are:
Security Breach News - January 18th, 2016
- Top 10 Reasons Why Security Breaches Occur: With all of the concerns about security breaches, still one out of ten CIOs and CFOs feel they...
- 5 best practices to improve cyber security (5 best practices CIOs and CSOs need to implement): Best practices to improve cyber security among users are: create awareness programs. Awareness efforts should combine...
- Security Breach on White House Nuclear Computer Data Base: White House sources partly confirmed that U.S. government computers, reportedly including systems used by the...
- Cyber Security is not a reality for many companies (Cyber security is a myth in many companies): When an internal information breach happens, the perception may be that it's the fault of lower-level staff; yet...
Value of severance packages declines, but they are still offered - December 2nd, 2015
The value of cash severance packages has declined in recent years. However, 69% of companies still provide some top IT pros some kind of severance arrangement. Data shows that only half of companies pay cash severance upon voluntary termination, even if it's for "good reason."
In addition, the prevalence of some other benefits has declined since 2011, reflecting the trend away from perquisites and personal benefits.
Other typical severance benefits:
- Pay a "stub year" bonus (typically pro rata) for the year in which an individual incurs a qualifying termination of employment.
- Continue health-care benefits for 24 months (the most typical practice).
- Outplacement services.
First hour after event occurs is critical - November 12th, 2015
Getting it right in the first critical stages of any incident is a key determinant of a successful continuity outcome. Janco's Incident Communication Plan provides a road map on how to have an integrated and proactive response. It includes the processes and tools needed to deliver a well-managed incident communication plan.
Facilitating the overall response is vital: learn how to bring everything together and ensure your response combines the speed, control, leadership and decision making that can meet the needs of a dynamic situation, whatever the scale and scope of the event.
Top BYOD Articles - September 24th, 2015
- Released BYOD Policy Template: Janco has announced an update to the Bring-Your-Own-Device (BYOD) Policy Template. The BYOD Policy Template includes an electronic form for employee agreement...
- 10 BYOD Best Practices for CIOs: Bring Your Own Device (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow...
- Top 10 Best Practices for BYOD: Janco has defined the following 10 best practices to follow as BYOD is implemented. Have a BYOD policy in place before...
- 60% of all organizations have a BYOD policy in place: Most organizations are already making the move to BYOD. According to a...
FCC fines ISP $750,000 - August 20th, 2015
The FCC's Enforcement Division found that at five conventions across the U.S., the Smart City network sent coded messages called de-authentication frames to devices connected to personal hotspots, such as those created by smartphones.
These messages were sent to Wi-Fi base stations to terminate connections. The FCC said that Smart City was trying to force users to pay its $80 daily fee for Internet connectivity.
"It is unacceptable for any company to charge consumers exorbitant fees to access the Internet while at the same time blocking them from using their own personal Wi-Fi hotspots to access the Internet," said the chief of the FCC's Enforcement Bureau.
- Mobility Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
- BYOD Policy Template: Includes electronic BYOD Access and Use Agreement Form
- Mobile Device Access and Use Policy
- Record Management, Retention, and Destruction Policy
- Social Networking Policy: Includes electronic form
- Telecommuting Policy: Includes 3 electronic forms to help to effectively manage work-at-home staff
- Travel and Off-Site Meeting Policy
Compliance is driven from the top down - July 1st, 2015
Compliance is driven from the top down. Executive Management is the prime mover.
The tone at the top is vital, with communication from top management into the middle management team. Some best practices that can periodically reinforce compliance with various policies include middle management setting aside a short portion of a staff meeting to discuss a specific policy relative to actual business behavior. Training is great, yet people need to know what compliant behavior looks like in their daily work.