Tag Archives: compliance

What is Blockchain and why is it such a hot topic?

Blockchain job description critical to making the right staffing decisions

Why and what is blockchain? Blockchain technology applies Internet transaction processing and database technology to store data and to verify its integrity. It is, primarily, a technology that uses cryptocurrency. With that, it enhances the trustworthiness of transactions. Transactions become unchangeable once they are entered in the blockchain database. This holds for all the data that users enter and share.

Typically, the blockchain application works with the most popular cryptocurrency, Bitcoin. Bitcoin is a virtual currency that the application uses to keep track of all the transactions that take place on the blockchain network. The applications of a reliable database like this are many, and they are not limited to finance. IT architects are actively working with blockchain technology, and these professionals are optimistic about finding new products or applications for it. For example, after a blockchain system is implemented successfully, the application can in all likelihood be extended to suppliers and customers alike.

Blockchain challenges

The Blockchain developer is responsible for developing innovative solutions to challenging problems, including command-and-control and high-integrity solutions. The developer performs complex analysis, design, development, testing, and debugging of computer software for distinct product hardware or technical service lines of business; performs software design, operating architecture integration, and computer system selection; and operates on multiple systems, applying knowledge of one or more platforms and programming languages.

The Blockchain developer is challenged by legacy infrastructure, which will be the main obstacle to successful implementations. This is coupled with the challenge of technical understanding: the practicality of implementing decentralized cryptosystems falls outside the traditional IT development skill set.


Chief Compliance Officer Job Description

Chief Compliance Officer Job Description Just Updated

The Chief Compliance Officer Job Description is critical in the recruiting process for an effective CCO. The individual must have a broad vision and perspective. Additional skills enable him/her to function in the ‘global’ regulatory environment. This requires that they consider many key factors to ensure the success of the compliance management processes.

C-Level executives are continuously looking for help in preventing fraud and protecting sensitive information. The fact that key corporate executives carry personal liability in the event of non-compliance virtually ensures that compliance is a key initiative in any large organization.

Role of CCO

The Chief Compliance Officer oversees the Corporate Compliance Program, functioning as an independent and objective body that reviews and evaluates compliance issues/concerns within the organization. The position ensures the Board of Directors, management and employees are in compliance with the rules and regulations of regulatory agencies, that company policies and procedures are being followed, and that behavior in the organization meets the company’s Standards of Conduct.

Janco’s detailed CCO job description focuses on these key factors. It offers a strategic and top-down view of this important new function. It defines how the CCO can materially assist the enterprise in establishing a function with an aggregate view of Governance, Risk Management and Compliance. That function needs to replace the highly fractionated structure typical of previous risk and compliance functions, which operated mainly at the tactical and operational level.

The job description is 2,000 words in length and takes up six packed pages of job requirements.


Compliance Management Team

The Compliance Management Team serves as the focal point for compliance activities. The team typically is composed of persons of high integrity, having other duties that are not in conflict with the compliance goals.

Coordination and communication are the key functions of the Compliance Management Team with regard to planning, implementing, and monitoring the compliance program.


Top 10 Reputation Management Rules

The Top 10 Security Management rules and the Top 10 Reputation Management Rules are defined in detail in Janco’s Security Manual Template.

Without constant vigilance, your company is vulnerable to attack. The first step to take is to assess your current security stance, then make a plan to increase security with proper best practices and technologies.

Top ten commandments of security management for CSOs, CIOs, and IT Managers

  1. Limit access to information to those who need to have it. People can’t misuse information that they don’t have.
  2. Conduct frequent and deep security audits. Identify who has access to what, and how their actions could weaken the protection of valuable data and information.
  3. Set limits on information access. Do not exclude all information from access; blanket data exclusion simply locks everything down. Limits set authorizations so that specific people can do specific things under specific circumstances.
  4. Limit administrative rights to as few individuals as possible. Very few individuals need them to do their jobs.
  5. Ignore organizational hierarchy when setting access capabilities. Access and authorization should be based upon responsibilities, not position.
  6. Make security invisible. Minimize extra commands, screens, and pop-ups for employees; if an action is allowed, just let it happen.
  7. Analyze security and end back doors. Compliance logs reveal threat patterns and show where security steps are hurting productivity.
  8. Monitor information access and updates. User-initiated application information updates can invite vulnerabilities.
  9. Educate everyone on security policies and procedures. The more people know about the rules, the better.
  10. Make security best practices the watchword for everyone. IT and the general workforce must address the constantly changing nature of security breaches.
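Rules 1 through 5 above describe an access-review and authorization model: entitlements must be justified by what a person is responsible for rather than by their title, administrative rights are counted and kept rare, and an authorization decision includes the circumstances under which the action is allowed. The following Python script is an added example written for this page; it is not part of Janco’s Security Manual Template or any Janco product. The users, responsibilities, resources and the business-hours condition are constructed sample data, and the policy table is an assumed format.

```python
"""Access review and least-privilege authorization check.

Added illustration of rules 1-5 above (not from the Security Manual Template).
- review()    lists entitlements that no responsibility justifies and counts
              admin-rights holders (rules 1, 2 and 4).
- authorize() decides a request from responsibilities and circumstances, never
              from organizational position (rules 3 and 5).
All names, resources and entitlements are constructed sample data.
"""
from dataclasses import dataclass


def business_hours(ctx: dict) -> bool:
    """Assumed circumstance: action allowed only between 08:00 and 17:59."""
    return 8 <= ctx.get("hour", -1) < 18


# Responsibility -> set of (resource, permission, circumstance) triples.
# A circumstance of None means the grant applies at any time.
POLICY = {
    "payroll-clerk": {("hr-db", "read", None), ("hr-db", "write", business_hours)},
    "dba":           {("hr-db", "admin", None), ("crm-db", "admin", None)},
    "sales-rep":     {("crm-db", "read", None)},
}

ADMIN_PERMISSIONS = {"admin"}


@dataclass
class User:
    name: str
    title: str                  # organizational position; ignored by policy (rule 5)
    responsibilities: set       # what the person actually does


@dataclass
class Entitlement:
    user: str
    resource: str
    permission: str


def justified(user: User, ent: Entitlement) -> bool:
    """Rule 5: an entitlement is justified only by a responsibility that grants it."""
    for resp in user.responsibilities:
        for res, perm, _cond in POLICY.get(resp, ()):
            if res == ent.resource and perm == ent.permission:
                return True
    return False


def review(users: dict, entitlements: list) -> dict:
    """Rules 1, 2 and 4: flag unjustified entitlements, list admin-rights holders."""
    unjustified = [e for e in entitlements if not justified(users[e.user], e)]
    admins = sorted({e.user for e in entitlements if e.permission in ADMIN_PERMISSIONS})
    return {"unjustified": unjustified, "admins": admins}


def authorize(user: User, resource: str, permission: str, ctx: dict) -> bool:
    """Rule 3: specific people, specific things, specific circumstances."""
    for resp in user.responsibilities:
        for res, perm, cond in POLICY.get(resp, ()):
            if res == resource and perm == permission and (cond is None or cond(ctx)):
                return True
    return False


# Constructed sample directory and entitlement dump (e.g. from an audit export).
USERS = {
    "alice": User("alice", "VP Finance", {"payroll-clerk"}),
    "bob":   User("bob", "Sr. Engineer", {"dba"}),
    "carol": User("carol", "Account Executive", {"sales-rep"}),
    "dave":  User("dave", "CEO", set()),   # senior title, no data responsibilities
}

ENTITLEMENTS = [
    Entitlement("alice", "hr-db", "read"),
    Entitlement("alice", "hr-db", "write"),
    Entitlement("bob", "hr-db", "admin"),
    Entitlement("carol", "crm-db", "read"),
    Entitlement("carol", "hr-db", "read"),    # sales rep holding HR data: flagged
    Entitlement("dave", "crm-db", "admin"),   # granted by rank, not role: flagged
]

if __name__ == "__main__":
    result = review(USERS, ENTITLEMENTS)
    for e in result["unjustified"]:
        print(f"REVIEW: {e.user} has {e.permission} on {e.resource} with no justifying responsibility")
    print("admin-rights holders:", result["admins"])
    print("alice write hr-db at 22:00 ->", authorize(USERS["alice"], "hr-db", "write", {"hour": 22}))
```

The review output is what rule 2 asks an audit to produce: carol’s HR access and dave’s admin grant surface because no responsibility justifies them, regardless of how senior the holder is. The authorize() call shows rule 3 in practice: alice may read payroll data at any time but may only write it during business hours.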

Security Manual Template

The Security Policies and Procedures Manual for the Internet and Information Technology is over 230 pages in length. All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address GDPR, CaCPA, ISO, Sarbanes-Oxley and CobiT compliance).


GDPR Compliance

GDPR Compliance is at risk with 3rd Party providers

GDPR Compliance Management is more complex with the increased use of 3rd Party providers

Security and GDPR Compliance risks from third parties are on the rise. A security compliance study found that 56 percent of companies admitted to a security incident caused by a third party.

With GDPR now in place, security of third-party vendors and consultants is more important than ever. Their security failure will impact your company and could result in a breach of your data.

So how do you approach third-party security in a GDPR world? The first step is to know who your vendors are, along with any other outsiders with access to your network. Group them into tiers based on the level and volume of data they can access, so that you know which are the most critical. Companies need to know who has any access to their data and get an accurate understanding of exactly what information they can access, why, and how often. With this information in hand, you can then develop an accurate response plan.
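The first step described above, a register of who outside the company can reach which personal data, why, how often, and in what volume, with the parties tiered by criticality, can be kept as a small script. The Python below is an added example for this page and is not part of the original post or any Janco template. The sensitivity weights, the volume and frequency bands, the tier thresholds and the vendor records are all constructed assumptions chosen for illustration; an organization would set its own.

```python
"""Third-party data-access register with criticality tiering.

Added example (not from the original post). Each outside party is recorded
with the personal-data categories it can reach, roughly how many data subjects
that covers, how often the access is exercised, and the documented purpose.
Parties are then scored and tiered so the most critical are reviewed first,
and undocumented or dormant access is flagged for follow-up.
All weights, thresholds and vendor records are constructed assumptions.
"""
from dataclasses import dataclass

# Assumed sensitivity weights per data category. GDPR special-category data
# (health, biometrics) is weighted highest; plain contact details lowest.
SENSITIVITY = {
    "health": 5, "biometric": 5,
    "financial": 4, "government-id": 4,
    "contact": 2, "usage-telemetry": 1,
}


@dataclass
class Vendor:
    name: str
    categories: set          # personal-data categories the vendor can access
    records: int             # approximate number of data subjects exposed
    access_per_month: int    # how often the access is actually exercised
    purpose: str             # documented reason for the access ("" if none)


def risk_score(v: Vendor) -> int:
    """Most sensitive category reached, scaled by volume band and frequency band."""
    sens = max((SENSITIVITY.get(c, 0) for c in v.categories), default=0)
    volume = 1 if v.records < 1_000 else 2 if v.records < 100_000 else 3
    freq = 1 if v.access_per_month <= 1 else 2 if v.access_per_month <= 30 else 3
    return sens * volume * freq


def tier(v: Vendor) -> str:
    """Assumed thresholds: 24+ critical, 8-23 important, otherwise standard."""
    s = risk_score(v)
    if s >= 24:
        return "tier-1 (critical)"
    if s >= 8:
        return "tier-2 (important)"
    return "tier-3 (standard)"


def flags(v: Vendor) -> list:
    """Conditions a DPO would want to chase up before the next review."""
    out = []
    if not v.purpose:
        out.append("no documented purpose")
    if v.access_per_month == 0:
        out.append("dormant access; consider revoking")
    unknown = sorted(c for c in v.categories if c not in SENSITIVITY)
    if unknown:
        out.append("unclassified data categories: " + ", ".join(unknown))
    return out


def register(vendors: list) -> list:
    """Rows of (name, tier, score, flags), most critical first."""
    ranked = sorted(vendors, key=risk_score, reverse=True)
    return [(v.name, tier(v), risk_score(v), flags(v)) for v in ranked]


# Constructed sample register.
VENDORS = [
    Vendor("PayrollCo", {"financial", "government-id"}, 5_000, 30, "payroll processing"),
    Vendor("HealthBenefits Inc", {"health", "contact"}, 200_000, 4, "benefits administration"),
    Vendor("AnalyticsSaaS", {"usage-telemetry"}, 2_000_000, 1_000, "product analytics"),
    Vendor("OldConsultant", {"contact"}, 500, 0, ""),
]

if __name__ == "__main__":
    for name, t, score, fl in register(VENDORS):
        print(f"{name:20} {t:22} score={score:3}  {'; '.join(fl)}")
```

The ordering answers the "which are the most critical" question: a vendor with a few hundred thousand health records outranks a high-volume telemetry processor, while the dormant consultant with no recorded purpose sits at the bottom but carries two flags, which is the kind of stale access a third-party review exists to catch.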

GDPR compliance plans should also take all of your third-party vendors into consideration. Thus, when establishing a dedicated Data Privacy Officer (DPO), that person will help the company meet GDPR requirements and should keep tabs on third-party practices and data systems as they affect your business. Lunetta added:

To support the DPO with additional expertise on making decisions such as, “We need X solution to address Y compliance/security requirement,” it’s imperative for IT security teams to conduct regular self-assessments for uncovering gaps and determining options for remediating them.

GDPR Tips

Some tips for ensuring that your third parties are staying in GDPR compliance:

  • Address cybersecurity governance. It is one thing to invest in security solutions that help protect personal data; it is another to use them in a manner that is also GDPR-compliant.
  • Access policy governance – Having robust access controls isn’t good enough to comply with GDPR. You also need a set of policies that can be defined, implemented and enforced around how your enterprise controls access to personal data.
  • Pay attention to privileged users. Users such as systems administrators can circumvent standard controls inside an application or a database. Identify those users, establish governance controls, and implement enforcement mechanisms through technology solutions such as network access control.


10 Point Power Checklist Disaster Recovery and Business Continuity

The 10 point power checklist addresses the issues associated with power after an event that disrupts a network; the availability of power to recover and run the network is often critical.

The 10 Point Power Checklist for Disaster Recovery and Business Continuity needs to be incorporated into the disaster recovery and business continuity plan. The Disaster Recovery Business Continuity Template contains many checklists and best practices to follow. The checklist includes:

  1. Electricity, water, and broken wires do not mix. Review all electrical and plumbing plans in detail.
  2. Understand the minimum power requirements needed to be operational.
  3. Have an adequate fuel supply to operate backup power sources. If the outage lasts for more than 30 days, will the facility be able to continue operations?
  4. Set reasonable response times for the standby generator.
  5. Maintain your equipment and test its operation. Test at least once a quarter and review supplies on hand.
  6. Understand your environment and geography.
  7. Set up generators in an “open environment”. Carbon monoxide fumes can build up and poison people.
  8. Review your load quarterly.
  9. Meet all mandated compliance requirements. See the Compliance Management Kit.
  10. Optionally, contract for a rental power source.

A full description of each of these is contained in the template. If they are followed, the chance that the plan will be a workable one is significantly improved.


Compliance Mandates

Compliance Mandates – Companies Impacted

Compliance Mandates come from multiple sources.  How companies are impacted by them varies by size of company and the markets they serve.

Compliance Mandates impact every company that does business on the Internet. Few companies are impacted by all of the mandates. In the U.S. the most impactful are the CaCPA enacted by California and the GDPR from the EU.

The EU has implemented a single privacy and compliance mandate.  In the U.S. that is not the case as of yet.  The U.S. Congress has talked about it but, as of yet, there is no consensus on what that legislation will look like.  Until that occurs the various states, and California in particular, will set the rules.

The standards for user privacy and control drove Janco to release an update to its Security Manual Template, which identifies mandated user rights and enterprise responsibilities related to privacy protection. Janco reviewed the California Consumer Privacy Act of 2018 (CaCPA) in detail and generated a detailed list of the user rights and business responsibilities that are mandated. The CaCPA requirements are very complex, and significant resources will have to be allocated for organizations to comply with these new mandates. These mandates will impact all organizations that have an Internet presence in the U.S., and in California in particular. The compliance deadline is January 1, 2020.

Compliance Management is an issue that every organization needs to address.


Compliance Management

Compliance Management Kit Released

Compliance Management is one of the top concerns of CIOs and other C-Level executives.

The Compliance Management Kit was just released. All of the components of the kit were just updated to meet the privacy and security mandates due to GDPR for the EU and CaCPA for the state of California.

The kit comes in 3 versions: Silver, Gold, and Platinum. Each can be acquired with either 1 year or 2 years of update service. Janco feels mandates will continue to be added due to the high volume of cyber-attacks and privacy issues that are of concern to individuals and corporations.

First, the Silver version of the kit comes with the Compliance Management White Paper, a self-scoring Security Audit, a PCI Audit Program, and 31 key Job Descriptions including Chief Security Officer (CSO). Second, the Gold version of the kit comes with all of that plus two full policies: the Record Classification and Management Policy and a Privacy Compliance Policy with a detailed implementation work plan. The detailed work plan can be used right out of the box to ensure that privacy and security are implemented fully within the enterprise. Third, the Platinum version of the kit comes with everything in the first two, plus Janco’s Security Manual Template.

To learn more about the kit go to https://www.e-janco.com/Compliance.htm.


Cloud Outsourcing

How to Guide for Cloud Processing and Outsourcing 2019 Version Released

The How to Guide for Cloud Processing and Outsourcing 2019 Version has been released with new features. It is now available in ePub format. That version is provided with the basic product.

As interest in cloud computing continues to gain momentum, there is increasing confusion about what cloud computing represents. Without a common, defined vocabulary and a standardized frame of reference, organizations cannot have a cogent discussion about cloud computing. The practical guide for cloud computing outsourcing addresses this challenge by providing a context for productive discussion and a structure for planning, both short and long term, for a successful implementation.

In a recent study, Janco identified the 5 major reasons why CIOs, and enterprises in general, are moving towards Cloud and Outsourcing as processing solutions.

Cloud Outsourcing – Reasons why CIOs recommend Cloud and Outsourcing Solutions

The top five reasons, with the percentage of CIOs who cited each, are:

  1. Application development (86%) is one of the primary reasons. Development is easier and resources are scalable. At the same time, costs are variable.
  2. Infrastructure support (63%) includes the ability to have portable backups and, for example, to support the disaster recovery and business continuity process.
  3. Gaining specialized skills (61%): there is no need to create an operating environment to try a new technology. In addition, it provides the ability to prototype.
  4. Service level improvement (45%): service levels can be improved with flexible capacity.
  5. Cost savings (34%) is still a reason for many CIOs to select these options.

New with the 2019 version of this how to guide:

  • GDPR Mandate requirements defined
  • Added Application & File Server Inventory
  • Updated the included job descriptions to be compliant with all mandated requirements
  • Updated all the included forms to the 2019 version
  • Added eReader format (ePub) for the core document


CIO Infrastructure Policy Bundle

CIO Infrastructure Policy Bundle Update 2019-02 now available

The CIO IT Infrastructure Policy Bundle contains 20 full policies that are easily modified to meet an enterprise’s unique operating environment.

The CIO Infrastructure Policy Bundle has just been updated. It includes both the updated Record Classification, Management, Retention and Disposition Policy and the BYOD Access and Use Policy. This is all part of the annual review process which Janco is going through for its entire product line of CIO and IT Management tools to validate that they meet all of the compliance, security and privacy mandates.

The policies are all part of the overall IT Governance Model. That model addresses the issues associated with the overall processes of design, development, implementation, and ongoing operation of technology in the ever-changing Internet-based operating environment.

Currently, data classification is an area that CIOs need to address in light of GDPR and CaCPA.

Each of the policies in the CIO IT Infrastructure Policy Bundle can be acquired separately. See Policy offerings.

Recently Updated:

  1. Blog and Personal Website Policy (revised 01/2019)
  2. BYOD Access and Use Policy (revised 03/2019)
  3. Mobile Device Access and Use Policy (revised 01/2019)
  4. Physical and Virtual Server Security (revised 01/2019)
  5. Record Classification, Management, Retention, and Disposition Policy (revised 03/2019)
  6. Sensitive Information Policy (revised 01/2019)
  7. Travel, Laptop, PDA and Off-Site Meeting Policy (revised 01/2019)

Updated in 2018 – Scheduled to be updated within the next three (3) months:

  1. Backup and Backup Retention Policy
  2. Google Glass Policy
  3. Incident Communication Policy
  4. Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
  5. Outsourcing and Cloud-Based File Sharing Policy
  6. Patch Management Version Control
  7. Privacy Compliance Policy
  8. Service Level Agreement Policy including sample metrics
  9. Social Networking Policy
  10. Technology Acquisition Policy
  11. Telecommuting Policy
  12. Text Messaging Sensitive and Confidential Information
  13. Wearable Devices


See also: Record Classification


Record Classification

Record Classification, Management, Retention, and Destruction Policy Updated

Record Classification was just added to the Data Management Policy. The purpose of the addition was to reduce the sensitive data footprint to meet the most recent rigorous compliance standards.

The Record Classification, Management, Retention, and Disposition Policy can be acquired separately or with the CIO IT Infrastructure Policy Bundle.

Most other data classification tools don’t go the extra mile. Their technology only looks for specific terms in your documents; it doesn’t provide the intelligence you need to secure the personal information of your customers or employees. Janco’s Record Classification, Management, Retention and Disposition Policy provides visibility into where sensitive files are, what content is inside, who can access the files and who actually uses them.

Included with the policy is a crisp definition of data classification.

The foundation of any good record management program is developing a consistent records classification system across the organization.

While there are many record classification systems, one recommended best practice is a three-tier classification based on business function, record class, and record type.

The first step toward developing a records classification system is taking an inventory, a comprehensive and accurate listing of the locations and contents of all records within the organization.

The second step is grouping the records in the inventory according to business functions, record class, and record type:

  • Common business functions include operations, finance, legal, marketing, human resources, and others.
  • The top-level business functions are broken down into record classes. For instance, two record classes of record-function accounting are accounts payable and accounts receivable.
  • Record types are a further subdivision of record classes. For instance, the accounts payable record class can be further broken down into accounts payable aging reports, accounts payable distribution reports, cash disbursement reports, and other categories.
