Monthly Archives: March 2019

CIO Infrastructure Policy Bundle

CIO Infrastructure Policy Bundle Update 2019-02 now available

CIO IT Infrastructure Policy Bundle contains 20 full policies that are easily modified to meet an enterprise’s unique operating environment.

CIO Infrastructure Policy Bundle has just been updated. It includes both the updated Record Classification, Management, Retention and Disposition Policy and the BYOD Access and Use Policy. This is all part of the annual review process which Janco is going through for its entire product line of CIO and IT Management tools to validate that they meet all of the compliance, security and privacy mandates.

The policies are all part of the overall IT Governance Model. That model addresses the issues associated with the design, development, implementation, and ongoing operation of technology in the ever-changing Internet-based operational environment.

Currently, data classification is an area that CIOs need to address in light of GDPR and CaCPA.

Each of the policies in the CIO IT Infrastructure Policy Bundle can be acquired separately. See Policy offerings.

Recently Updated:

  1. Blog and Personal Website Policy (revised 01/2019)
  2. BYOD Access and Use Policy (revised 03/2019)
  3. Mobile Device Access and Use Policy (revised 01/2019)
  4. Physical and Virtual Server Security (revised 01/2019)
  5. Record Classification, Management, Retention, and Disposition Policy (revised 03/2019)
  6. Sensitive Information Policy (revised 1/2019)
  7. Travel, Laptop, PDA and Off-Site Meeting Policy (revised 01/2019)

Updated in 2018 – Scheduled to be updated within the next three (3) months:

  1. Backup and Backup Retention Policy
  2. Google Glass Policy
  3. Incident Communication Policy
  4. Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
  5. Outsourcing and Cloud-Based File Sharing Policy
  6. Patch Management Version Control
  7. Privacy Compliance Policy
  8. Service Level Agreement Policy including sample metrics
  9. Social Networking Policy
  10. Technology Acquisition Policy
  11. Telecommuting Policy
  12. Text Messaging Sensitive and Confidential Information
  13. Wearable Devices


See also: Record Classification


Record Classification

Record Classification, Management, Retention, and Destruction Policy Updated

Record Classification was just added to the Data Management Policy. The purpose of the addition was to reduce the sensitive data footprint to meet the most recent rigorous compliance standards.

Record Classification and Management

Record Classification, Management, Retention, and Disposition Policy can be acquired separately or with the CIO IT Infrastructure Policy Bundle.

Most other data classification tools don’t go the extra mile. Their technology only looks for specific terms in your documents; it doesn’t provide the intelligence you need to secure the personal information of your customers or employees. Janco’s Record Classification, Management, Retention and Disposition Policy provides visibility into where sensitive files are, what content is inside, who can access the files and who actually uses them.

Included with the policy is a crisp definition of data classification.

The foundation of any good record management program is developing a consistent records classification system across the organization.

While there are many record classification systems, one recommended best practice is a three-tier classification based on business function, record class, and record type.

The first step toward developing a records classification system is taking an inventory, or a comprehensive and accurate listing of locations and contents of all records within the organization.

The second step is grouping the records in the inventory according to business functions, record class, and record type:

  • Common business functions include operations, finance, legal, marketing, human resources, and others.
  • The top-level business functions are broken down into record classes. For instance, two record classes of the accounting business function are accounts payable and accounts receivable.
  • Record types are a further subdivision of record classes. For instance, the accounts payable record class can be further broken down into accounts payable aging reports, accounts payable distribution reports, cash disbursement reports, and other categories.

Read on Record Classification, Management, Retention, and Disposition Policy


Top 10 Press Release Best Practices


A formal media and incident communications plan needs to be in place before an event occurs.

Top 10 Press Release Best Practices – Whenever enterprises are impacted by negative (cyberattacks) or positive events, communication with the media is critical. Press releases should be the first source for factual and informational communication with the media.

Top 10 best practices are:

  1. Perform extensive research – get your facts straight
  2. Don’t assume anything – double check everything
  3. Don’t belittle or talk down to anyone
  4. Don’t oversell your product or service
  5. Don’t over-write or bloat the release
  6. Create a clever subject line
  7. Don’t jump the gun when sending your release
  8. Optimize the Press Release for Internet Search Engines
  9. Maintain an internal list of trusted reporters and editors
  10. Be available and responsive right after a press release is issued


Supply of Qualified IT Professionals Low

Supply of Qualified IT Professionals Low – Starting Salaries Higher

The supply of qualified IT professionals is low as CIOs and recruiters look to add the skill sets necessary to meet the demands of seamless information flow via ERP and Blockchain. This shortage is not limited to these skill sets; programmers and business analysts of all stripes are also in high demand.

Shortage of IT Professionals

IT job market growth is marked by shortages of qualified professionals. Still, Janco forecasts that over 89,000 new IT jobs will be created in 2019.

The political turmoil and lack of any material progress on the trade talks with China and the EU adds a level of risk on the direction of the economy. However, even with all those factors in play there still is positive IT job market growth. CIOs are still planning on expanding the size of their organizations.

Most of the hiring that is occurring is at staff levels. Based on our current data we believe the hiring that will be done this year will be completed by June or July. Demand for consultants and contract employees will still be above average, however, there is a tendency to move towards in-house staff. This data is compiled by reviewing public data, open/filled positions at our client organization, and interviews with selected CIOs, Recruiters and our clients’ internal HR staffs.

CIO Hiring plans for the next year show the focus is on meeting the skill shortage need at the staff level

In order to assist its clients, Janco has just released its 2019 version of the IT Hiring Kit (https://www.e-janco.com/ITHirePack.htm). The Kit contains over 300 full IT job descriptions, the 2019 IT Salary Survey, and the Interview and Hiring Guide, which is packed full of electronic forms and best practices.


IoT Challenges

Internet of Things – IoT Challenges

IoT Challenges are varied and unique to the capture of real-time data

IoT Challenges – IoT is more than internet-enabled sensors and analytics. It is a way to get real-time information. There is a very good chance that the IoT device can be remotely controlled, monitored, updated and maintained using remote management tools, sensors and predictive analytics that continually collect device data that can identify problems before they happen.

Granted, most of these devices are not critical in life or death situations. However, there can be property loss when a device fails, does not have the current BIOS or software, or is used in an inappropriate manner. In addition, the implications for data storage in order to meet the mandated records management requirements have not been understood to their fullest.

Add to that the fact that IoT data is typically proprietary and enterprise confidential, and security is a major concern.

Management’s concerns are:

  • Security Threats – 38%
  • Data Privacy – 28%
  • Access Management – 9%
  • External Attacks – 9%
  • Meeting Compliance Requirements – 7%
  • BYOD and user devices – 6%
  • 3rd Party Data Requests – 2%
  • Other concerns – 3%


Driver Support Review

Driver Support Review – Customer Service

Driver Support Review is mixed. The product / service is a good offering but there are some areas of concern that you need to be aware of if you use this product.

Functionality – the product does not work with a number of software virus / malware checkers. For example, the service will NOT run with Malwarebytes without modifications to the exclusion file, which is understandable. However, the issue is that Driver Support (DS) does not give you any help on the files that need to be put in the exclusion file. In addition, to get this to work it took several phone calls to their customer service group. It did not help that the CS staff is located in Jamaica and their English skills are poor at best.

Registration key issues – We purchased the premium version of the product, which was to allow us to register up to 5 PCs. When we tried to register the 4th PC, the program told us that we had exceeded the number of machines that could be registered.

We went to the customer portal. It showed that we had 3 PCs installed and that we had one registration left to use. 3 plus 1 does not equal 5. Also, there is no way for the user to delete a machine.

Now the really interesting process follows. We tried to contact the company and got an email message that the “Office was closed”. We sent several emails over the next few days and got NO response. We finally called them when they said their office was open. The first two people we talked to had very poor English and we were disconnected in the transfer process. Finally we got to the CS technician in our 4th call. There was an ECHO on the line on all of the phone calls.

We explained the issue to the person and were told they had to route the problem to their engineers who were in the US and it would take 24 hours for them to get back to me.

We cannot in good judgement recommend this product even though the driver update service they offer is excellent.


What is HIPAA

What is HIPAA and how can an enterprise comply with the mandated requirements

The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

There is also a HIPAA Security Rule. It specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. This poses unique challenges for the Business Continuity and Disaster Recovery Planning processes.

What is HIPAA and how does it impact overall Compliance Management?

Federal and state government regulations (see state compliance requirements) can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it’s serious.

Read On HIPAA Compliance


BYOD Best Practices

Security Top 10 BYOD Best Practices

BYOD Best Practices to ensure the security of enterprise sensitive and confidential information

BYOD Best Practices – BYOD (Bring Your Own Device) is now standard practice for most individuals working for companies. Devices include everything from laptop computers to tablets and smartphones. 10 Best Practices to secure BYODs – More employees and enterprise associates are bringing their own iPhones and tablets to the office. How sure are you that they are secure? While these personal devices are great for employee productivity, they can introduce security risks to your organization.

  1. Implement a formal written BYOD policy that clearly states which devices and applications are supported.
  2. Set up a locking password on each device. Integrate password usage with wiping the phone after x number of invalid tries. At the same time, have a way to restore the phone if the phone is wiped.
  3. Implement a phone locator on all SmartPhones. In the case of the iPhone, use the “Find My Phone” application.
  4. Protect the access point of your network so that only devices that meet your stringent security requirements are allowed access to your network and data.
  5. Implement anti-virus where possible. In the case of the iPhone there is no anti-virus. That means that your email service provider needs to do the scan BEFORE emails are sent to the device.
  6. Manage authorized applications so that contact and other sensitive data is not extracted from the device by the applications.
  7. Utilize data encryption on e-mails and enterprise data.
  8. Utilize the cloud as a backup source.
  9. Be wary of applications like QR code readers. They can direct the user to sites that can take control of the device.
  10. Monitor access and data usage by device and by user. Have processes in place that actively inform management of any potential areas where the network and data can be compromised.

Read on BYOD Policy Template

 


Top 10 Reasons Disaster Recovery Fails

Top 10 Reasons Disaster Recovery Fails have been identified by Janco. Over 90% of all mid-sized to large enterprises have disaster recovery and business continuity plans in place. That is not enough to avert disaster, as only 40% of those plans have no major defects. The top 10 causes for those failures are:

Disaster Recovery and Business Continuity are necessary enterprise infrastructure processes that have correctable defects that can make plans fail.

  • Backups do not work
  • Not identifying every potential event that can jeopardize the infrastructure and data that the enterprise depends on
  • Forgetting or ignoring the cross-training of personnel in disaster recovery and business continuity
  • Not including a communication process that will work when your communication infrastructure is lost
  • Not having sufficient backup power – both capacity and duration
  • Having a recovery plan in place but not listing priorities of which resources need to be restored first
  • No physical documentation of your Disaster Recovery and Business Continuity plan
  • Disaster Recovery and Business Continuity plan that has not been tested adequately
  • Passwords are not available to the Disaster Recovery and Business Continuity team
  • Disaster Recovery and Business Continuity plan is not up to date


300 IT Job Descriptions Released

2019 IT Job Descriptions Released

IT Job Descriptions

The 2019 version of the HandiGuide contains 300 job descriptions of 2 to 8 pages each. They cover every position from CIO to Blockchain programmer and System Administrator.

IT Job Descriptions HandiGuide was just updated to reflect the latest compliance requirements. The HandiGuide was completed in 2019. It is over 800 pages, which include sample organization charts, a job progression matrix, and 300 individual descriptions. The book addresses all mandated requirements, including the ADA, and is in an easy-to-use format.

Also included with the HandiGuide are tools to help you expand, evaluate and define your enterprise’s Human Resource requirements. Those tools include:

  • Job Evaluation Questionnaire
  • Position Description Questionnaire
  • Job Progression Matrix (Job Family Classifications)
  • Sexual Harassment and other key employment issues
  • Best Practices for resume screening
  • Best Practices for phone screening
  • Employee Termination Checklist (Electronic Form)

This offering is fully vetted by the IT Productivity Center, the Society for Human Resources Management, and the 3 major accounting firms (in the U.S. and the EU).

The eReader version of the job descriptions can be loaded directly on an enterprise’s “Intranet”, searched and printed directly via tablets and SmartPhones.

These position descriptions are included in full in the CIO Management Tool Kit and the IT Hiring Kit. In addition, this is available in several of Janco’s Gold and Silver product bundles.

Read on Job Descriptions.
