Sarbanes Oxley Compliance Kit


The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

Sarbanes-Oxley Section 404 requires that:

  • Enterprises have an enterprise wide security policy;
  • Enterprises have enterprise wide classification of data for security, risk, and business impact;
  • Enterprises have security related standards and procedures;
  • Enterprises have formal security based documentation, auditing, and testing in place;
  • Enterprises enforce separation of duties; and
  • Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.

To meet these needs, the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:

  • Security Policies (all editions);
  • Threat & Vulnerability Assessment Tool (all editions);
  • Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
  • Safety Program Template (all editions);
  • Disaster Recovery Template (all editions);
  • Outsourcing guide updated to reflect what your vendors need to do (all editions);
  • Software tool to monitor key data files (all editions);
  • Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
  • IT Service Management Template (Platinum Edition).




Disaster Recovery Template (DRP) 

The Disaster Recovery Plan template (DRP) can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.

Security Manual

The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for your security plan.


220 Internet and IT Job Descriptions

The 220 Internet and IT Position Descriptions are in Word for Windows format. Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.


The IT Service Management Template

The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms with ITIL.


Practical Guide for IT Outsourcing

The guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise.


Safety Program Template

The plan is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirements. The Safety Program was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).









Sarbanes-Oxley Issues and News

Disaster Recovery Planning & Business Continuity Planning Quick Action Steps Defined

May 2nd, 2016


The things your company must do to make sure the disaster recovery and business continuity plan will work when it is needed are:

  • Distribute the disaster recovery and business continuity plan or a HandiGuide® to all decision makers and key operating employees who will need access to it when the event occurs.
  • Define the chain of command with a single leader, but do not limit the people who would have to implement the disaster recovery and business continuity plan when the event occurs if that leader is unavailable.
  • Conduct frequent tests and address all areas where shortcomings are found.
  • Conduct the tests in an unannounced mode.
  • Validate that mission critical data is at sites other than the primary data center.
  • Establish a communication plan that can be implemented after the disaster.


HandiGuide is a Janco Associates registered trademark 


Top 10 Cloud SLA Best Practices

April 11th, 2016


  1. Define SLA roles and responsibilities for the enterprise and cloud providers
  2. Define key terms
  3. Define specific identifiable metrics for performance by the cloud provider
  4. Specify how and when the enterprise has access to its own data and networks
  5. Specify specific SLA infrastructure and requirements methodology
  6. Provide for disaster recovery and continuity of operations planning and testing
  7. Describe any applicable exception criteria when the cloud provider’s performance measures do not apply
  8. Specify metrics the cloud provider must meet in order to show it is meeting the enterprise’s security performance requirements for protecting data
  9. Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met
  10. Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures


Full employment states picture improves even more

March 25th, 2016

Full employment states employment picture improves even more

The states which are in "full employment" continue to improve to the point that there are some labor shortages in those markets.


The Chief Data Officer - CDO - is it a new C-Level job or not?

February 17th, 2016


The Chief Data Officer (CDO) is responsible for a company's data-management initiatives: everything that has to do with information quality, information management, information strategy and acquisition. That is not the same as the chief digital officer, whose focus lies more on digital transformation and a company's efforts toward that end.

It is the chief data officer's job to assume responsibility for all data, while the CIO retains control over all things associated with infrastructure and implementation.

2016 Internet and IT Position Description HandiGuide Released

There are now 273 IT Job Descriptions available that have been updated to meet the latest compliance and new technology requirements. The HandiGuide can be acquired in MS WORD and/or PDF format. In addition, we provide the option to get updates and free custom job descriptions.

The job descriptions that we have added are:


Security Breach News

January 18th, 2016


Value of severance packages declines, but are still offered

December 2nd, 2015


The value of cash severance packages has declined in recent years. However, 69% of companies still provide some top IT pros some kind of severance arrangement. Data shows that only half of companies pay cash severance upon voluntary termination, even if it's for "good reason."
In addition, the prevalence of some other benefits has declined since 2011, reflecting the trend away from perquisites and personal benefits.
Other typical severance benefits:

  • Pay a "stub year" bonus (typically pro rata) for the year in which an individual incurs a qualifying termination of employment.
  • Continue health-care benefits, with 24 months the most typical practice.
  • Outplacement services.


First hour after event occurs is critical

November 12th, 2015


Managing the first hour after a disaster or business interruption occurs is critical.

Getting it right in the first critical stages of any incident is a key determinant of a successful continuity outcome. Janco's Incident Communication Plan provides a road map on how to have an integrated and proactive response. It includes the processes and tools needed to deliver a well-managed incident communication plan.

Facilitating the overall response is vital: learn how to bring everything together and ensure your response combines the speed, control, leadership and decision making that can meet the needs of a dynamic situation, whatever the scale and scope of the event.


Top BYOD Articles

September 24th, 2015


  1. Released BYOD Policy Template – Bring-Your-Own-Device: Janco has announced an update to the “BYOD Policy Template – Bring-Your-Own-Device”. BYOD Policy Template includes an electronic form for employee agreement...
  2. 10 BYOD Best Practices for CIOs: Bring Your Own Devices (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow...
  3. Top 10 Best Practices for BYOD: Janco has defined the following 10 best practices to follow as BYOD is implemented. Have a BYOD policy in place before...
  4. 60% of all organizations have BYOD policy in place: Most organizations are already making the move to BYOD. According to a...


FCC fines ISP $750,000

August 20th, 2015


The FCC's Enforcement Division found that at five conventions across the U.S., the Smart City network sent coded messages called de-authentication frames to devices connected to personal hotspots, such as those created by smartphones.

These messages were sent to Wi-Fi base stations to terminate connections. The FCC said that Smart City was trying to force users to pay its $80 daily fee for Internet connectivity.

"It is unacceptable for any company to charge consumers exorbitant fees to access the Internet while at the same time blocking them from using their own personal Wi-Fi hotspots to access the Internet," said the chief of the FCC’s Enforcement Bureau.

  • Mobility Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
    • BYOD Policy Template: Includes electronic BYOD Access and Use Agreement Form
    • Mobile Device Access and Use Policy
    • Record Management, Retention, and Destruction Policy
    • Social Networking Policy: Includes electronic form
    • Telecommuting Policy: Includes 3 electronic forms to help to effectively manage work at home staff
    • Travel and Off-Site Meeting Policy

Compliance is driven from the top down

July 1st, 2015

Compliance is driven from the top down.  Executive Management is the prime mover.


The tone at the top is vital, with communication from top management into the middle management team. Some best practices that can periodically reinforce compliance with various policies include middle management setting aside a short time in a staff meeting to discuss a specific policy relative to actual business behavior. Training is great, yet people need to know what compliant behavior looks like in their daily work.
