Tag Archives: compliance

CIO Infrastructure Policy Bundle

CIO Infrastructure Policy Bundle Update 2019-02 now available

The CIO IT Infrastructure Policy Bundle contains 20 full policies that are easily modified to meet an enterprise's unique operating environment.

The CIO Infrastructure Policy Bundle has just been updated. It includes both the updated Record Classification, Management, Retention and Disposition Policy and the BYOD Access and Use Policy. This is all part of the annual review process that Janco is going through for its entire product line of CIO and IT Management tools, to validate that they meet all of the current compliance, security and privacy mandates.

The policies are all part of the overall IT Governance Model. That model addresses the issues associated with the design, development, implementation, and ongoing operation of technology in an ever-changing, Internet-based operational environment.

Currently, data classification is an area that CIOs need to address in light of GDPR and CaCPA.

Each of the policies in the CIO IT Infrastructure Policy Bundle can be acquired separately. See Policy offerings.

Recently Updated:

  1. Blog and Personal Website Policy (revised 01/2019)
  2. BYOD Access and Use Policy (revised 03/2019)
  3. Mobile Device Access and Use Policy (revised 01/2019)
  4. Physical and Virtual Server Security (revised 01/2019)
  5. Record Classification, Management, Retention, and Disposition Policy (revised 03/2019)
  6. Sensitive Information Policy (revised 01/2019)
  7. Travel, Laptop, PDA and Off-Site Meeting Policy (revised 01/2019)

Updated in 2018 – Scheduled to be updated within the next three (3) months:

  1. Backup and Backup Retention Policy
  2. Google Glass Policy
  3. Incident Communication Policy
  4. Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
  5. Outsourcing and Cloud-Based File Sharing Policy
  6. Patch Management Version Control
  7. Privacy Compliance Policy
  8. Service Level Agreement Policy including sample metrics
  9. Social Networking Policy
  10. Technology Acquisition Policy
  11. Telecommuting Policy
  12. Text Messaging Sensitive and Confidential Information
  13. Wearable Devices


See also: Record Classification


Record Classification

Record Classification, Management, Retention, and Destruction Policy Updated

Record Classification was just added to the Data Management Policy. The purpose of the addition is to reduce the sensitive-data footprint in order to meet the most recent, more rigorous compliance standards.

Record Classification and Management

The Record Classification, Management, Retention, and Disposition Policy can be acquired separately or with the CIO IT Infrastructure Policy Bundle.

Most other data classification tools don't go the extra mile. Their technology only looks for specific terms in your documents; it doesn't provide the intelligence you need to secure the personal information of your customers or employees. Janco's Record Classification, Management, Retention and Disposition Policy provides visibility into where sensitive files are, what content is inside, who can access the files and who actually uses them.

Included with the policy is a crisp definition of data classification.

The foundation of any good record management program is developing a consistent records classification system across the organization.

While there are many record classification systems, one recommended best practice is a three-tier classification based on business function, record class, and record type.

The first step toward developing a records classification system is taking an inventory: a comprehensive and accurate listing of the locations and contents of all records within the organization.

The second step is grouping the records in the inventory according to business functions, record class, and record type:

  • Common business functions include operations, finance, legal, marketing, human resources, and others.
  • The top-level business functions are broken down into record classes. For instance, two record classes of the accounting business function are accounts payable and accounts receivable.
  • Record types are a further subdivision of record classes. For instance, the accounts payable record class can be further broken down into accounts payable aging reports, accounts payable distribution reports, cash disbursement reports, and other categories.
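The two steps above (inventory, then grouping by business function, record class and record type) are easy to get wrong at scale: records get filed under a class or type that is not in the agreed taxonomy, and the sensitive ones are hard to find afterwards. The following is an added example, not code from the original post or from Janco's policy product. It models a constructed inventory of records, validates each record's three-tier classification against a constructed taxonomy, builds the function/class/type tree, and reports which locations hold personal information. The taxonomy entries, record names, locations and the `contains_pii` flag are all assumptions for illustration.

```python
"""Three-tier record classification: business function > record class > record type.

Added example (not part of the original post). Taxonomy, records, locations and
field names are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed taxonomy (assumption): function -> record class -> allowed record types.
# Only classifications present here are accepted; anything else is flagged.
TAXONOMY = {
    "finance": {
        "accounts_payable": {
            "ap_aging_report", "ap_distribution_report", "cash_disbursement_report",
        },
        "accounts_receivable": {"ar_aging_report", "customer_invoice"},
    },
    "human_resources": {
        "personnel": {"employment_application", "performance_review"},
    },
}


@dataclass(frozen=True)
class Record:
    location: str        # where the record lives: file share, system, or cabinet
    name: str
    function: str        # tier 1: business function
    record_class: str    # tier 2: record class
    record_type: str     # tier 3: record type
    contains_pii: bool = False


def validate(record):
    """Return the list of classification problems for a record (empty when valid)."""
    classes = TAXONOMY.get(record.function)
    if classes is None:
        return [f"unknown business function {record.function!r}"]
    types = classes.get(record.record_class)
    if types is None:
        return [f"unknown record class {record.record_class!r} in {record.function!r}"]
    if record.record_type not in types:
        return [f"record type {record.record_type!r} not allowed in "
                f"{record.function}/{record.record_class}"]
    return []


def classify_inventory(records):
    """Group a record inventory into function -> class -> type -> sorted locations.

    Returns (tree, rejected) where rejected maps record name -> list of problems,
    so that unclassifiable records are surfaced instead of silently dropped.
    """
    tree = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    rejected = {}
    for rec in records:
        problems = validate(rec)
        if problems:
            rejected[rec.name] = problems
            continue
        tree[rec.function][rec.record_class][rec.record_type].append(rec.location)
    # Convert to plain dicts with sorted locations so callers cannot accidentally
    # create empty branches by looking up a missing key.
    plain = {f: {c: {t: sorted(locs) for t, locs in types.items()}
                 for c, types in classes.items()}
             for f, classes in tree.items()}
    return plain, rejected


def sensitive_footprint(records):
    """Map (function, record_class) -> sorted locations holding personal information.

    Only validly classified records are counted; rejected ones must be fixed first.
    """
    footprint = defaultdict(list)
    for rec in records:
        if rec.contains_pii and not validate(rec):
            footprint[(rec.function, rec.record_class)].append(rec.location)
    return {key: sorted(locs) for key, locs in footprint.items()}


# Constructed sample inventory (assumption): a mix of valid and invalid classifications.
SAMPLE_INVENTORY = [
    Record(r"\\fs1\finance\ap", "AP aging Q1", "finance", "accounts_payable", "ap_aging_report"),
    Record("erp.example.internal", "AP distribution", "finance", "accounts_payable",
           "ap_distribution_report"),
    Record(r"\\fs1\finance\ar", "AR aging Q1", "finance", "accounts_receivable",
           "ar_aging_report", contains_pii=True),
    Record("hris.example.internal", "Applications 2019", "human_resources", "personnel",
           "employment_application", contains_pii=True),
    # Type not in the taxonomy: should be rejected, not silently filed.
    Record(r"\\fs2\misc", "Old report", "finance", "accounts_payable", "vendor_contract"),
    # Function not in the taxonomy at all.
    Record(r"\\fs2\misc", "Marketing list", "marketing", "campaigns", "mailing_list",
           contains_pii=True),
]

if __name__ == "__main__":
    tree, rejected = classify_inventory(SAMPLE_INVENTORY)
    for function, classes in tree.items():
        for record_class, types in classes.items():
            for record_type, locations in types.items():
                print(f"{function}/{record_class}/{record_type}: {locations}")
    for name, problems in rejected.items():
        print(f"REJECTED {name}: {problems}")
    print("PII footprint:", sensitive_footprint(SAMPLE_INVENTORY))
```

The rejected list is the useful output: a record that cannot be placed in the taxonomy is exactly the record that will be missed when a retention or disposition rule is applied, and a PII-bearing record that is misclassified (the "Marketing list" entry above) does not appear in the sensitive footprint until its classification is fixed.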

Read on Record Classification, Management, Retention, and Disposition Policy


IoT Challenges

Internet of Things – IoT Challenges

IoT Challenges

IoT Challenges are varied and unique to the capture of real-time data

IoT Challenges – IoT is more than Internet-enabled sensors and analytics. It is a way to get real-time information. There is a very good chance that an IoT device can be remotely controlled, monitored, updated and maintained using remote management tools, sensors and predictive analytics that continually collect device data and can identify problems before they happen.

Granted, most of these devices are not used in life-or-death situations. However, there can be property loss when a device fails, does not have current firmware (BIOS) or software, or is used in an inappropriate manner. In addition, the implications for data storage in order to meet mandated records management requirements are not yet fully understood.

Because IoT data is typically proprietary and enterprise-confidential, security is a major concern.

Management's concerns are:

  • Security Threats – 38%
  • Data Privacy – 28%
  • Access Management – 9%
  • External Attacks – 9%
  • Meeting Compliance Requirements – 7%
  • BYOD and user devices – 6%
  • 3rd Party Data Requests – 2%
  • Other concerns – 3%


What is HIPAA

What is HIPAA and how can an enterprise comply with the mandated requirements?

The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

There is also a HIPAA Security Rule. It specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. This places unique demands on the Business Continuity and Disaster Recovery Planning processes.

What is HIPAA

What is HIPAA and how does it impact overall Compliance Management?

Federal and state government regulations (see state compliance requirements) can be a big problem for today's organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data against information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it's serious.

Read On HIPAA Compliance


CIOs Management Focus

CIOs Management Focus in 2019 Changed

CIOs' management focus changed with the improved economy and the resulting increase in budgets.

CIO Management Focus

Janco Associates conducted a survey of CIOs and senior IT managers in large and mid-sized corporations. 156 individuals participated in the study.

The top ten areas of management focus identified in the study are listed below.

  1. New Security Threats – identification, remediation and protections.
  2. Data Protection / Compliance – The EU’s GDPR regulation and California’s data privacy legislation are driving this.
  3. Staff Skill Gaps – Many enterprises have not invested enough into staff development in the past several years.
  4. Multi-Platform Security – With the move away from the core data center to disparate operating environments on multiple cloud platforms, security and data protection are more of a priority.
  5. Innovation / Digital Transformation – New ways of doing things and the move away from traditional ways of doing everything towards a digital environment are driving top level IT Pros to rethink how they can provide value to the enterprise.
  6. Revenue Stream Improvement – IT now is viewed more as an additional source of operational revenue.
  7. Agility of IT – For most companies, projects with a 3-year development life cycle no longer exist.
  8. Outsourcing Risks – In outsourcing your work, the quality of the deliverable is at the mercy of the firm you outsourced to.
  9. Business Results – IT value is now tied to the results of the operation units.
  10. Tools for Digital Workers – With more remote users operating on tablets and smartphones instead of in an office environment with a direct connection to the processing center, productivity tools are more critical.


Disaster Recovery Business Continuity

Disaster Recovery Business Continuity Template – 2019 Version Released

The Disaster Recovery Business Continuity Template has just been updated and the 2019 version released. The changes in this version are:

  • Updated all included job descriptions
  • Updated all included forms
    • Disaster Recovery electronic forms
    • Safety Program electronic forms
  • Added co-location checklist
  • Updated the audit program
  • Administrative changes
    • Changed the core document to exclude job descriptions and forms, which are delivered in their own directories
    • Business and IT Impact Questionnaire is delivered in its own directory and comes in MS Word, PDF, and eBook electronic formats
    • The 3 included job descriptions are delivered in their own directory

The chapters of the template are:

  • Plan Introduction
  • Business Impact Analysis
  • Backup Strategy
  • Recovery Strategy
  • Disaster Recovery Organization
  • Disaster Recovery Organizational Procedures
  • Plan Administration
  • Appendix – Full of tools and checklists

Also included as separate MS Word and/or eBook electronic files in their own directories:

  • Job Descriptions – Disaster Recovery Manager, Manager Disaster Recovery and Business Continuity
  • Disaster Recovery electronic forms – Business Continuity Site Evaluation Checklist, Business Continuity LAN Node Inventory, Business Continuity Location Contact Numbers, Business Continuity Off-Site Inventory, Business Continuity Personnel Location, Business Continuity Plan Distribution, Business Continuity Remote Location Contact Information, Business Continuity Server Registration, Business Continuity Team Call List, and Business Continuity Vendor List
  • Safety Program electronic forms – Area Safety Inspection, Employee Job Hazard Analysis, First Report of Injury, Inspection Checklist – Alternative Locations, Inspection Checklist – Computer Server Data Center, Inspection Checklist – Office Locations, New Employee Safety Checklist, Safety Program Contact List, and Training Record
  • Business Impact Analysis Questionnaire – PDF and MS Word formats
  • Business Impact Analysis electronic form – Application and File Server Inventory
  • eBook versions – Disaster Recovery Business Continuity Template and the DRP Audit Program


Blockchain Payment System

Blockchain Payment System

Universities Work Together On Payment System – Shades of Internet Development

Universities are working together on a payment system, much as they did when the Internet grew out of ARPANET in the late 1960s.

A blockchain payment system must smoothly collect, process, and protect sensitive personal information.

Several universities, including MIT and Stanford, are working together to develop a digital currency network that solves blockchain’s scalability and performance problems before public confidence in the technology erodes.

Funded by a Swiss-based non-profit organization, the cryptocurrency application, called Unit-e, and its blockchain-based payment system are expected to launch in the second half of this year; if successful, it would surpass even mainstream financial networks like Visa's VisaNet in transaction capacity.

This is very similar to how the Internet was first developed. University staff and associates worked together to create a common network, which competed with the then-existing time-sharing services, none of which exist today.

The question is whether proprietary systems like VisaNet will survive once the university-built system is operational. Research shows that well-run companies are most productive, suffer the least loss of sensitive data, and have less operational downtime if they have good policies in place.

Read on Information Technology Infrastructure…


Security Manual Template

Security Manual Template – 2019 Version Released

The 2019 Version of the Security Manual Template was just released.

There now are new standards for user privacy and control, according to Janco Associates. Janco has just released an update to its Security Manual Template which identifies mandated user rights and enterprise responsibilities related to privacy protection. The CEO of Janco, Mr. M. Victor Janulaitis, said, "We have reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detailed list of user rights and business responsibilities that are mandated. The CaCPA requirements are very complex and significant resources will have to be allocated for organizations to comply with these new mandates. These mandates will impact all organizations that have an Internet presence in the U.S. and California in particular. The compliance deadline is January 1, 2020."

The Security Manual Template is now distributed in a segmented format with five (5) specific directories. They are:

  1. Security Manual Template directory – containing the full editable MS WORD and pdf versions of the template;
  2. Forms directory – containing all the forms that are needed to implement a “World Class” security infrastructure;
  3. Policy directory with 5 policies in MS Word and pdf versions – Blog and Personal Website Policy, Mobile Use Policy, Sensitive and Confidential Information Policy, Server Security Policy, and Travel and Off-Site Meeting Policy;
  4. eBook directory (with the author's name as the directory name) – with eBook versions of the Security Manual Template and the supporting policies; and
  5. Tools directory with the Business Impact Analysis Tool, Threat and Vulnerability Assessment Tool, Security Checklist, and PCI Audit Program.

See also Security and Compliance…
