Sarbanes Oxley Compliance Kit
The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.
Sarbanes-Oxley Section 404 requires that:
- Enterprises have an enterprise wide security policy;
- Enterprises have enterprise wide classification of data for security, risk, and business impact;
- Enterprises have security related standards and procedures;
- Enterprises have formal security based documentation, auditing, and testing in place;
- Enterprises enforce separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide, updated to reflect what your vendors need to do (all editions);
- Software tool to monitor key data files (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
- IT Service Management Template (Platinum Edition).
The Disaster Recovery Plan (DRP) template can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for your security plan.
The 220 Internet and IT Position Descriptions are in Word for Windows format. They include positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.
The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms with ITIL.
The plan is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirements. The Safety Program was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).
Sarbanes-Oxley Issues and News
Top BYOD Articles (September 24th, 2015)
- Released BYOD Policy Template Bring-Your-Own-Device BYOD Policy Template Janco has announced an update to the BYOD Policy Template Bring-Your-Own-Device. BYOD Policy Template Includes an electronic form for employee agreement...
- 10 BYOD Best Practices for CIOs BYOD Best Practices for CIOs Bring Your Own Devices (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow...
- Top 10 Best Practices for BYOD Best practices for BYOD Janco has defined the following 10 best practices to follow as BYOD is implemented. Have a BYOD policy in place before...
- 60% of all organizations have BYOD policy in place BYOD Policy 60% of all organizations have a BYOD policy in place Most organizations are already making the move to BYOD. According to a...
FCC fines ISP $750,000 (August 20th, 2015)
The FCC's Enforcement Division found that at five conventions across the U.S., the Smart City network sent coded messages called de-authentication frames to devices connected to personal hotspots, such as those created by smartphones.
These messages were sent to Wi-Fi base stations to terminate connections. The FCC said that Smart City was trying to force users to pay its $80 daily fee for Internet connectivity.
"It is unacceptable for any company to charge consumers exorbitant fees to access the Internet while at the same time blocking them from using their own personal Wi-Fi hotspots to access the Internet," said the chief of the FCC's Enforcement Bureau.
- Mobility Policy Bundle (more info...) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
- BYOD Policy Template (more info...) Includes electronic BYOD Access and Use Agreement Form
- Mobile Device Access and Use Policy (more info...)
- Record Management, Retention, and Destruction Policy (more info...)
- Social Networking Policy (more info...) Includes electronic form
- Telecommuting Policy (more info...) Includes 3 electronic forms to help to effectively manage work at home staff
- Travel and Off-Site Meeting Policy (more info...)
Compliance is driven from the top down (July 1st, 2015)
Compliance is driven from the top down. Executive Management is the prime mover.
The tone at the top is vital, with communication from top management into the middle management team. One best practice that periodically reinforces compliance with various policies is for middle management to set aside a short time in a staff meeting to discuss a specific policy relative to actual business behavior. Training is valuable, yet people need to know what compliant behavior looks like in their daily work.
North Korea threatens to cyberattack the US (June 10th, 2015)
The North Korean government said it would wage a cyber war against the U.S., and that country has been blamed for several large attacks in the past.
Compensation is a key factor in the retention of millennials and older employees (May 23rd, 2015)
All employees need to know that they are not only being fairly compensated, but that they have room to grow in the company. While reports of job-hopping millennials may have been exaggerated, it's still important to give your employees a reason to stick around.
Janco finds that when all of these perks are in balance, both young and old employees embrace the company's mission and goals.
In one study on millennials in the workplace, 44 percent of millennials polled noted competitive wages as a motivating factor to go with an employer, and 52 percent cited growth opportunities. So if you want to make your company attractive to millennials, focus on their ambition and drive.
Outsourcing Does Not Always Work Out (April 27th, 2015)
The $5.5 billion Clorox company brought in a new CIO because, among other things, it realized it wasn't getting what it wanted out of an extensive outsourcing deal with Hewlett-Packard.
In quick order, the new CIO and his reformed leadership team fixed some outstanding tech issues and re-established internal control of the company's tech direction.
Clorox is a 98-year-old company based in Oakland, Calif., that has 30-plus global brands. These brands include the namesake bleach and everything from Kingsford Charcoal to KC Masterpiece Barbeque Sauce, Glad bags, Hidden Valley Ranch Salad Dressing and Burt's Bees, a natural personal care product line. The company employs some 8,300 people, and has 120 people in IT. There are another 300 to 400 IT people working on the Clorox account at HP.
"The How to Guide for Cloud Processing and Outsourcing provides EVERYTHING that is needed to select a vendor, enter into an agreement, and manage the relationship," says a CIO of a Fortune 100 company.
Rebalancing Strategies For The Real-Time Enterprise (April 27th, 2015)
The amount of digital information in our world has been exploding while the speed of business is accelerating. There is an unprecedented convergence in the ability to collect and work with big data; to simulate, model and predict with game-changing fidelity; and to reach information and markets in previously unimaginable ways, with billions of people communicating and trading through mobility and social media channels. As enterprises attempt to capture and act on trillions of bytes of real-time data about their customers, suppliers, and operations, coming from millions of people, devices, and embedded sensors now connected by digital networks throughout the physical world, the result is a convergence of technology forces that is disrupting the global IT ecosystem. Like other critical components of production such as hard assets and human capital, today's economic activity, innovation, and growth could not take place without the information provided by these persistent and converging forces in mobility, big data, social media and cloud computing.
The business and economic opportunities created by each of these forces are significant, but so are the complexities associated with the global deployment of scarce IT resources. Many executives responsible for these visible initiatives are reassessing their global IT sourcing strategies in order to achieve the right balance of knowledge, quality, risk management, and time to market.
Disaster Recovery Planning & Business Continuity Planning Quick Action Steps Defined (April 14th, 2015)
- Distribute the disaster recovery and business continuity plan or a HandiGuide® to all decision makers and key operating employees who will need access to it when the event occurs.
- Define the chain of command with a single leader, but do not limit the people who would have to implement the disaster recovery and business continuity plan when the event occurs if that leader is unavailable.
- Conduct frequent tests and address all areas where shortcomings are found.
- Conduct the tests in an unannounced mode.
- Validate that mission-critical data is held at sites other than the primary data center.
- Establish a communication plan that can be implemented after the disaster.
HandiGuide is a Janco Associates registered trademark.
IoT will cause storage requirements to increase dramatically (April 8th, 2015)
IoT is the next big thing in technology. As the cost of sensors of many kinds, non-volatile data storage, network connectivity, and computing continues to decrease, and the capabilities available at any price point continue to grow, we can instrument everything. We can record data about what each thing does or what goes on around it; continuously analyze what's going on; predict what's about to happen; and (if appropriate) adjust each thing to ensure optimum performance.
Rather than a few billion smart devices, we will have tens of billions generating tens of trillions of data packets that need to be processed, analyzed, stored, and acted on. That's not going to work for the kinds of platform architectures we have experience with over the past 50 or so years of computing and networking technologies.
Questions that need to be answered are:
- Is our data safe in transit and at rest?
- What prevents hackers from gaining access to our data?
- Is our data properly handled, stored, and deleted?
- Who can access our data?
- What are the benchmark measurements?
- Is our data backup strategy compliant?
- Will our recovery be successful?
Changing a compliance report after the fact can be an SEC violation (February 14th, 2015)
The SEC filed an Enforcement Action against a former Wells Fargo Advisors Compliance Officer for altering a compliance audit report.
According to the SEC, the Compliance Officer was responsible for performing trading surveillance reviews and audits to identify potential insider trading activity.
In a September 2010 surveillance review of a particular employee's trading, the CCO found no issues. In December 2012, after the SEC charged Wells Fargo Advisors with insider trading, the CCO revised the earlier surveillance review and audit report.
The SEC's Enforcement Action says that by altering the document, the CCO made it appear that they had performed a more thorough review in 2010 than they actually had.
The Chief of the SEC Enforcement Division's Market Abuse Unit declared: "...regardless of her motivation, her conduct was inconsistent with what the SEC expects of compliance professionals and what the law requires."