
Security Manual

ISO 27000 (27001 & 27002, formerly ISO 17799), Sarbanes Oxley, HIPAA, PCI-DSS, and Patriot Act Compliant


Includes Audit Program for PCI DSS Compliance, HIPAA Audit Guide, and ISO 27000 Checklist


The Security Manual for the Internet and Information Technology is over 240 pages in length. This electronic document is fully compliant with the ISO 27000 standard, Sarbanes Oxley, HIPAA standard, and the Patriot Act.

All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains detailed job descriptions that apply specifically to security and Sarbanes Oxley. The job descriptions are:

  • Chief Security Officer (CSO)
  • Chief Compliance Officer (CCO)
  • VP Strategy and Architecture
  • Director e-Commerce
  • Database Administrator
  • Data Security Administrator
  • Manager Data Security
  • Manager Facilities and Equipment
  • Manager Network and Computing Services
  • Manager Network Services
  • Manager Training and Documentation
  • Manager Voice and Data Communication
  • Manager Wireless Systems
  • Network Security Analyst
  • System Administrator - Unix
  • System Administrator - Windows

Clients can also subscribe to Janco's Security Manual update service and receive all updates to the Security Manual Template. 

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major topics for your security plan:

  • Compliance to ISO 27000 (27001 & 27002), HIPAA, SOX, PCI, and the Patriot Act
  • Security Manual Introduction - scope, objectives, general policy, and responsibilities
  • Risk Analysis - objectives, roles, responsibilities, program requirements, practices, and program elements
  • Staff Member Roles - policies, responsibilities and practices
  • Physical Security - area classifications, access controls, and access authority
  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points
  • Media and Documentation - requirements and responsibilities
  • Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up
  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning
  • Internet and Information Technology Contingency Planning - responsibilities and documentation requirements
  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security
  • Insurance - objectives, responsibilities and requirements
  • Outsourced Services - responsibilities for both the enterprise and the service providers
  • Waiver Procedures - process to waive security guidelines and policies
  • Incident Reporting Procedures - process to follow when security violations occur
  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords
  • Sample Forms

    • Business and IT Impact Questionnaire
    • Threat & Vulnerability Assessment Tool
    • Security Violation Reporting form
    • Security Audit form
    • Inspection Check List
    • New Employee Security form
    • Security Access Application form

Latest News

Shadow IT puts organizations and DR plans at risk

February 18th, 2015

As smartphone and tablet usage continues to grow, CIOs and companies will continue to see the growth of Shadow IT, fueled by users' requirements for anytime, anywhere access to files. Furthermore, policy and education alone cannot address the emergence of Shadow IT and the resulting unmanaged file sharing and data exposure.

In order to fully address this issue, CIOs must consider providing the tools that deliver the convenient and flexible access to information that users want. Without the proper tools provided, managed, and supported by IT, users will continue to find alternative solutions and work around existing policies, leaving IT in the dark.

Over a six-month period Janco Associates interviewed managers and executives in enterprises of all sizes that had experienced a business interruption and had to take some sort of action to continue their operations. Only 72 of the 195 interviewees were able to recover with no major problems; the other 123 faced some issue with their recovery efforts.

Why DR and BC plans fail


Net neutrality now in a fight between Congress and the FCC

January 15th, 2015

The game is on for net neutrality as Congress is set for legislation that they say will ensure net neutrality protections for Internet users and will spur U.S. economic growth.

The new law would create "unambiguous" rules prohibiting broadband providers from selectively blocking or throttling Web traffic, while avoiding a reclassification of broadband as a regulated public utility. The FCC wants to treat the Internet as a utility in order to regulate and tax it. This proposal is the new Congress' way to stop that from happening.

The bill would not allow broadband providers to "charge a premium to prioritize content delivery," but it would create new rules without relying on reclassification of broadband under Title II of the Telecommunications Act.


You can get all of Janco's templates in its IT Management Suite. When you do that you save over $2,500 and when implemented your enterprise is positioned to have a "WORLD CLASS" Information Technology function. You will be in compliance with all mandated requirements including all US and International requirements.


Pros and Cons of Millennial Employees

December 9th, 2014

More than 70% of CIOs say an advantage of hiring millennials (workers under the age of 35) is the technology savviness they bring to the job. 21% of CIOs say millennials are more creative and innovative than other workers. More pragmatically, nearly 50% acknowledge that millennials are less expensive to employ.

At the same time, they say, millennials offer unique employment challenges.

  • 53% say millennials are less loyal to the company,
  • 46% say the group exhibits an attitude of entitlement,
  • 31% believe millennials require more intense management, and
  • 27% say young workers are more interested in their own personal development than they are in the company.

One surprising finding is how few U.S. companies have instituted workplace changes to accommodate millennials. In the United States, only 41% have made changes to adapt to younger workers. Other regions of the world have been more accommodating: for example, about 70% of Latin American and Asian firms have adapted to hire/retain millennials.

The most common adaptations to accommodate millennials are making work hours more flexible (21%), allowing work from home (17%), increasing training (16%), implementing new mentoring programs (13%), and altering corporate culture (10%).


New job title - Chief Digital Officer - CDO

November 26th, 2014

The job of chief digital officer (CDO) has recently emerged as a new role on the leadership team, as organizations are looking to bring in digital capabilities and seeing the need for an executive with a new set of competencies that combines strategy, marketing, and technology. Many are considering hiring or have already hired a digital leader to oversee enterprisewide digital strategy.


263 IT Job Descriptions and Organization Charts

The Internet and IT Position Descriptions HandiGuide® was completed in 2014 and is over 700 pages; it includes sample organization charts, a job progression matrix, and 263 Internet and IT job descriptions. The book also addresses Fair Labor Standards and the ADA, and is in a new, easier-to-read format.


Business Continuity Planning - BCP best practices

November 9th, 2014

A Business Continuity Plan or BCP is the primary way an organization protects itself and its employees against disasters that endanger its long-term health or its ability to carry out its primary mission. BCPs take into account disasters that can occur on multiple geographic levels (local, regional, and national), such as fires, earthquakes, or pandemic illness. BCPs should be live and evolving strategies that are adjusted for any potential disaster that would require recovery; they should include everything from computer viruses to terrorist attacks.


The ultimate goal of a BCP is to help expedite the recovery of an organization's critical functions and manpower following these types of disasters. This sort of advanced planning can help an organization minimize the amount of loss and downtime it will sustain while simultaneously creating its best and fastest chance to recover after a disaster.


CIOs focus on cloud processing and outsourcing to improve productivity

October 13th, 2014

Pervasive connectivity, advanced analytics, and increasing automation are driving rapid changes in business and placing great pressure on CIOs and CSOs. While the focus of CIOs has always been digital, digital technologies have now reached a critical mass and a tipping point that is changing how people live and work.

These changes are forcing CIOs to move beyond their traditional support role and operate on the forefront of business value delivery. CIOs must direct IT to function in two modes: operating more quickly than ever before to meet the demands for new business models and revenue acceleration, while maintaining operational consistency and excellence in traditional workloads.


How to Guide for Cloud Processing and Outsourcing


"How to Guide for Cloud Processing and Outsourcing provides EVERYTHING that is needed to select a vendor, enter into an agreement, and manage the relationship," says a CIO of a Fortune 100 company.


Business continuity after a disaster depends on communication

August 22nd, 2014

When a CEO thinks Business Continuity, he thinks of the safeguards that should be in place to ensure business operations are not disrupted. However, due to the heavy dependency on Information Technology, a business leader's first priority is to have adequate data backups in order to enable recovery in case of a disaster or any loss of data, and to ensure that systems remain available 24x7.


The right way to evaluate the quality of your system and data protection is to evaluate the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These metrics define how long you think it will take you to get back online and how current the restored data has to be.

All Business Continuity Disaster Recovery Planning efforts need to encompass how employees will communicate, where they will go, and how they will keep doing their jobs. The details can vary greatly, depending on the size and scope of a company and the way it does business. For some businesses, issues such as supply chain logistics are most crucial and are the focus of the plan. For others, information technology may play a more pivotal role, and the Business Continuity Disaster Recovery Plan may have more of a focus on systems recovery.


Best Places to Work for IT Pros

June 23rd, 2014

IT Job Descriptions

Without good personnel no Information Technology organization can succeed. The first step in getting the right people is to know what roles and responsibilities they have. The Internet and IT Position Descriptions HandiGuide has this plus more.


Intellectual property theft is a major security risk that all companies face

March 24th, 2014

For many companies, in particular in industries like pharmaceuticals, software development, or entertainment, their intellectual property is more valuable than any physical asset. And with the increasing need to collaborate with external business partners to accelerate product life cycles and enhance innovation, there is a greater risk for sensitive information to be compromised.

With identity theft and cyber attacks on the rise, you're facing new pressures to protect sensitive information. In fact, 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices such as:

  • Implementing an information security program
  • Encrypting data
  • Notifying customers in the event of a security breach that compromises unencrypted personal information

One step to improve security on Windows based PCs

February 24th, 2014


If you take Windows XP out of the mix -- when Microsoft support for the archaic OS expires -- there will likely be far fewer security bulletins rated as Critical, and the idea of putting systems at risk by running with unobstructed administrator privileges will mostly be a thing of the past.


Regardless of which version of Windows you use, though, the Avecto report underscores a very simple reality. An attacker can typically only execute malicious code in the context of the currently logged-in user, and if that user is a standard user without access to critical system functions, and with no ability to run unknown software without explicit administrator permission, most threats would be rendered harmless.
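The least-privilege point above is easy to verify on an individual PC. The script below is an added example (not from the original page, the Avecto report, or Janco's templates): it reports whether the current session holds administrator rights, lists who sits in the local Administrators group, and reads the two registry values that govern whether User Account Control is enabled and how it prompts administrators. The registry path and value names are the standard Windows policy keys; everything else is local to this example.

```powershell
# Added example: check whether this session and this machine follow the
# "run as a standard user" advice from the text.

# 1. Is the current user running with administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[PSCustomObject]@{
    User         = $identity.Name
    RunsAsAdmin  = $isAdmin
} | Format-List

# 2. Who is in the local Administrators group? Every account listed here can
#    run arbitrary code with full system access once it logs in.
#    Get-LocalGroupMember exists on Windows 10 / Server 2016 and later;
#    older systems fall back to the classic net command.
if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
} else {
    net localgroup Administrators
}

# 3. Is UAC enabled, and does it actually prompt administrators?
#    EnableLUA = 1 means UAC is on; ConsentPromptBehaviorAdmin = 0 means
#    administrators are elevated silently, which defeats the protection.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue

[PSCustomObject]@{
    UacEnabled                = ($uac.EnableLUA -eq 1)
    ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
} | Format-List

if ($isAdmin) {
    Write-Warning 'This session runs with administrator rights; daily work should use a standard account.'
}
if ($uac.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled; unknown software can run without an explicit administrator prompt.'
}
```

Run it from an ordinary PowerShell window, not an elevated one, to see the state a normal login actually gets; a warning on either check means the "standard user plus explicit admin approval" posture the text describes is not in place on that machine.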
