Compliance Mandates come from multiple sources. How companies are impacted by them varies by size of company and the markets they serve.
Compliance Mandates impact every company that does business on the Internet. Few companies are impacted by all of the mandates. In the U.S. the most impactful are the CaCPA, enacted by California, and the GDPR from the EU.
The EU has implemented a single privacy and compliance mandate. In the U.S. that is not the case as of yet. The U.S. Congress has talked about it but, as of yet, there is no consensus on what that legislation will look like. Until that occurs the various states, and California in particular, will set the rules.
The standards for user privacy and control drove the release of an update to the Security Manual Template, which identifies mandated user rights and enterprise responsibilities related to privacy protection. Janco reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detailed list of the user rights and business responsibilities that are mandated. The CaCPA requirements are very complex, and organizations will have to allocate significant resources to comply with these new mandates. These mandates will impact all organizations that have an Internet presence in the U.S., and in California in particular. The compliance deadline is January 1, 2020.
CIO Infrastructure Policy Bundle Update 2019-02 now available
CIO IT Infrastructure Policy Bundle contains 20 full policies that are easily modified to meet an enterprise’s unique operating environment.
CIO Infrastructure Policy Bundle has just been updated. It includes both the updated Record Classification, Management, Retention and Disposition Policy and the BYOD Access and Use Policy. This is all part of the annual review process which Janco is going through for its entire product line of CIO and IT Management tools to validate that they meet all of the compliance, security and privacy mandates.
The policies are all part of the overall IT Governance Model. That model addresses the issues associated with the design, development, implementation, and ongoing operation of technology in the ever-changing Internet-based operational environment.
Currently, data classification is an area that CIOs need to address in light of GDPR and CaCPA.
Each of the policies in the CIO IT Infrastructure Policy Bundle can be acquired separately. See Policy offerings.
Blog and Personal Website Policy (revised 01/2019)
BYOD Access and Use Policy (revised 03/2019)
Mobile Device Access and Use Policy (revised 01/2019)
Physical and Virtual Server Security (revised 01/2019)
Record Classification, Management, Retention, and Disposition Policy (revised 03/2019)
Sensitive Information Policy (revised 01/2019)
Travel, Laptop, PDA and Off-Site Meeting Policy (revised 01/2019)
Updated in 2018 – Scheduled to be updated within the next three (3) months:
Backup and Backup Retention Policy
Google Glass Policy
Incident Communication Policy
Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
Outsourcing and Cloud-Based File Sharing Policy
Patch Management Version Control
Privacy Compliance Policy
Service Level Agreement Policy including sample metrics
Social Networking Policy
Technology Acquisition Policy
Text Messaging Sensitive and Confidential Information