Sarbanes Oxley Compliance Kit
The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.
Sarbanes-Oxley Section 404 requires that:
- Enterprises have an enterprise wide security policy;
- Enterprises have enterprise wide classification of data for security, risk, and business impact;
- Enterprises have security related standards and procedures;
- Enterprises have formal security based documentation, auditing, and testing in place;
- Enterprises enforce separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide, updated to reflect what your vendors need to do (all editions);
- Software tool to monitor key data files (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
- IT Service Management Template (Platinum Edition).
The Disaster Recovery Plan template (DRP) can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for your security plan.
The 220 Internet and IT Position Descriptions are in Word for Windows format. They include positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.
The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms with ITIL.
The plan is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirements. The Safety Program was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).
Sarbanes-Oxley Issues and News
Disaster Recovery Planning & Business Continuity Planning Quick Action Steps Defined - April 14th, 2015
- Distribute the disaster recovery and business continuity plan or a HandiGuide® to all decision makers and key operating employees who will need access to it when the event occurs.
- Define the chain of command with a single leader, but do not limit the people who would have to implement the disaster recovery business continuity plan when the event occurs if that leader is unavailable.
- Conduct frequent tests and address all areas where shortcomings are found.
- Conduct the tests in an unannounced mode.
- Validate that mission critical data is at sites other than the primary data center.
- Establish a communication plan that can be implemented after the disaster.
HandiGuide is a Janco Associates registered trademark
IoT will cause storage requirements to increase dramatically - April 8th, 2015
IoT is the next big thing in technology. As the cost of sensors of many kinds, non-volatile data storage, network connectivity, and computing continue to decrease and the capabilities available at any price point continue to grow, we can instrument everything. We can record data about what each thing does or what goes on around it; continuously analyze what's going on; predict what's about to happen; and (if appropriate) adjust each thing to ensure optimum performance.
Rather than a few billion smart devices, we will have tens of billions generating tens of trillions of data packets that need to be processed, analyzed, stored, and acted on. That's not going to work for the kinds of platform architectures we have experience with over the past 50 or so years of computing and networking technologies.
Questions that need to be answered are:
- Is our data safe in transit and at rest?
- What prevents hackers from gaining access to our data?
- Is our data properly handled, stored, and deleted?
- Who can access our data?
- What are the benchmark measurements?
- Is our data backup strategy compliant?
- Will our recovery be successful?
Changing a compliance report after the fact can be an SEC violation - February 14th, 2015
The SEC filed an Enforcement Action against a former Wells Fargo Advisors Compliance Officer for altering a compliance audit report.
According to the SEC, the Compliance Officer was responsible for performing trading surveillance reviews and audits to identify potential insider trading activity.
In a September 2010 surveillance review of a particular employee's trading, the CCO found no issues. In December 2012, after the SEC charged Wells Fargo Advisors with insider trading, the CCO revised the earlier surveillance review and audit report.
The SEC's Enforcement Action says that by altering the document, the CCO made it appear that they had performed a more thorough review in 2010 than they actually had.
The Chief of the SEC Enforcement Division's Market Abuse Unit declared: "...regardless of her motivation, her conduct was inconsistent with what the SEC expects of compliance professionals and what the law requires."
White House aims to stop city and state broadband projects - January 15th, 2015
Obama wants the feds to control the Internet and opposes measures in 19 states that limit cities from rolling out their own broadband networks. He is acting via new regulations: he wants the Federal Communications Commission to take action to control municipal broadband projects.
The White House's formal opposition to state laws limiting or prohibiting municipal broadband projects is part of a proposal aimed at encouraging broadband competition and deployment across the U.S. They say they want to have alternative providers users can switch to. The city and state networks would hinder that happening.
How to Guide for Cloud Processing and Outsourcing (ISO Compliant - Including ISO 31000)
"How to Guide for Cloud Processing and Outsourcing provides EVERYTHING that is needed to select a vendor, enter into an agreement, and manage the relationship," says a CIO of a Fortune 100 company.
Tech firms use H-1B program to lower personnel cost and number of US employees - December 8th, 2014
The CEO of Janco, Victor Janulaitis states, "There is not really a talent shortage. In fact, there's a lot to support the notion that there are more Americans willing and ready to work than ever."
The key is the H-1B visa that lets foreign skilled workers stay in the U.S. for up to six years. The number of visas is limited to 65,000 per year (85,000 if you count the extra 20,000 set aside for advanced degree graduates of U.S. schools). Silicon Valley wants more of these foreign workers -- Facebook's even started a bipartisan lobbyist organization called FWD.us to push for a higher quota and a streamlined path to the treasured green card, which would free up more H-1Bs for more non-citizens.
This is only an issue if you're not searching within America's borders for your next programming talent. A recent paper by the Economic Policy Institute concludes that only half of all American college graduates in STEM (science, technology, engineering, and math) get hired into their fields every year, and when adjusted for inflation, the IT industry only pays about what it did in 1999.
All of that implies that tech firms, in general, aren't offering enough money to attract Americans.
How Compliance Impacts Backup Strategy - November 27th, 2014
Given the concurrent explosion of digital information and compliance requirements, having a sound, workable backup and restore policy is essential. When a disaster occurs, whether that be a terrorist attack, hurricane, or just human error, having and enforcing a backup strategy can get you quickly back in business.
Cybercriminals are expanding the scope and breadth of attacks - October 23rd, 2014
Every day cybercriminals are deploying new threats that are more destructive than ever before. While most CIOs have more people devoted to IT security, established businesses are vulnerable to a wider array of attacks.
The IT Security Manual Template provides CIOs, CSOs, and IT Managers all of the essential materials, with real, usable text for a complete security manual. Detailed language addressing more than a dozen security topics is included in a 230-plus-page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements.
Security Policies - Procedures - Audit Tools - September 3rd, 2014
74% of government IT executives said they expect at least one foreign-based cyber attack, including viruses, malware or hacking, within the next year.
Surplus of STEM-degreed US employees unemployed - August 21st, 2014
With nearly 8 million STEM (science, technology, engineering, and mathematics) degreed workers who are not in the STEM workforce, why do we need more H-1B visas?
Despite the economic downturn, Census Bureau data show that, between 2007 and 2012, about 700,000 new immigrants who have STEM degrees were allowed to settle in the country, yet at the same time, total STEM employment grew by only about 500,000.
Internet of Everything - a reality - March 26th, 2014
The fast pace of technology is changing our notion of the modern organization. As barriers to market entry are falling, customers, employees, and citizens alike are demanding new ways to interact. This trend is moving us into the next wave of Internet evolution known as the "Internet of Everything" (IoE). Connecting people, data, processes, and things, IoE is creating a digital disruption with great societal value as everything is coming online.
Organizations of all types are realizing the benefit of this increased connectedness through operational efficiency and improved customer and citizen experiences. Many organizations are using IoE connections to run, not just monitor, complex operations in manufacturing, healthcare, financial services, utilities, and the public sector to generate and deliver significant value.
- CIO IT Infrastructure Policy Bundle (more info...) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
- Backup and Backup Retention Policy (more info...)
- Blog and Personal Web Site Policy (more info...) Includes electronic Blog Compliance Agreement Form
- BYOD Policy Template (more info...) Includes electronic BYOD Access and Use Agreement Form
- Google Glass Policy Template (more info...) Includes electronic Google Glass Access and Use Agreement Form
- Incident Communication Plan Policy (more info...) Updated to include social networks as a communication path
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (more info...) Includes 5 electronic forms to aid in the quick deployment of this policy
- Mobile Device Access and Use Policy (more info...)
- Patch Management Policy (more info...)
- Outsourcing Policy (more info...)
- Physical and Virtual Security Policy (more info...)
- Record Management, Retention, and Destruction Policy (more info...)
- Sensitive Information Policy (more info...) HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
- Service Level Agreement (SLA) Policy Template with Metrics (more info...)
- Social Networking Policy (more info...) Includes electronic form
- Telecommuting Policy (more info...) Includes 3 electronic forms to help to effectively manage work at home staff
- Text Messaging Sensitive and Confidential Information Policy (more info...)
- Travel and Off-Site Meeting Policy (more info...)
- IT Infrastructure Electronic Forms (more info...)