Compliance Program Easy to Implement & Follow
10 Step program
CIOs and CSOs are now under a great deal of scrutiny not only from their executive management but also from a range of governmental and industry regulatory bodies. Janco has created a ten step program that helps them address compliance issues directly. The program, when used in concert with Janco's Compliance Management products gets them in front of the issue.
Order Industry Standard Compliance Kit
More small and mid-sized business are impacted by state mandated (i.e. California, Massachusetts, New York, and others) than federal and SEC mandates.
The ten step program Janco recommends is:
- Implement a Security Officer Position - That individual does not do all of the work, rather they have responsibility for coordinating all compliance based issues.
- Conduct a compliance risk assessment - The first step is to understand which compliance mandates the enterprise falls under and then conduct a audit to see how well the enterprise complies as it currently is structured.
- Document - All compliance mandates require that documentation be in place for policies and procedures. The three things that compliance bodies look for are:
- Is a policies or procedure in place
- Is the policy or procedure followed
- Is the policy or procedure the right one.
- Know the operating environment - Once a user is authorized to access information how will they gain access and where are the potential failure points.
- Prepare for Incidents - Even if you have every policy or procedure in place there will be compliance violations that will occur. Have a processes in place that focus:
- Prevention
- Detection
- Correction
- . Expect the worst to happen - Do not accept the answer "That never could occur". It will and you will have to respond to it quickly and effectively.
- Control media and electronic files - a violation can not occur with out data. That data can be in any form - paper or electronic.
- Train users - With all of the best policies and procedures in place without proper training a compliance program can not work.
- Log and audit - This not only includes data but individuals and processes used.
- Clean up old data and system - Often enterprises will only worry about new applications. That is not enough concern over legacy systems and data needs to be considered.
Compliance Management
Janco offers a full range of tools to help enterprises of all sizes to address these issues. The Compliance Management kit provides the infrastructure tools necessary address these mandated requirements.
The Compliance Management tool kit comes in three (3) versions: Silver, Gold, and Platinum. In addition we offer a white paper on Compliance Requirements.
Compliance Management White Paper |
- Compliance Management White Paper - Summarizes mandated compliance requirements and provides a summary level work plan for how to implement Compliance Management policies and procedures.
White Paper contains a table of manadated record retention periods and a list of all of the states and US possessions with their mandated notification requirements. Updated to include GDPR and CCPA requirement discussion
Compliance Management - Silver Edition |
- Compliance Management White Paper
- HIPAA Audit Program
- Security Audit Program - fully editable -- Comes in MS EXCEL and PDF formats -- Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 39 separate task groupings including BYOD.
- Supply Chain ISO 28000 Audit Program -- Comes in MS EXCEL and PDF formats -- Meets ISO mandates
- PCI Audit Program - Word and PDF
- Compliance Management Job Descriptions (25 key positions) - Word Format - fully editable and PDF- Chief Compliance Officer (CCO), Chief Data Officer, Chief Mobility Officer, Chief Security Officer, Data Protection Officer, Director Electronic Commerce, Director IT Management and Controls, Director Sarbanes-Oxley Compliance, Manager Blockchain Architecture, Manager BYOD Support, Manager Compliance, Manager E-Commerce, Manager Enterprise Architecture, Manager Internet Systems, Manager Record Administration, Manager Transaction Processing, Manager Video and Website Content, Manager Web Content, Manager Wireless Systems, PCI-DSS Administrator, System Administrators - Linux, System Administrators - Windows, System Administrators - UNIX, Webmaster, and WiFi Network Administrator
Compliance Management - Gold Edition |
- Compliance Management White Paper
- HIPAA Audit Program
- Security Audit Program
- Supply Chain ISO 28000 Audit Program
- PCI Audit Program
- Compliance Management Job Descriptions (25 key positions)
- Record Classification and Management Policy - Word - Policy which complies with mandated US, EU, and ISO requirements
- Privacy Compliance Policy that address the EU's GDPR and the latest California Consumer Privacy Act
Compliance Management - Platinum Edition |
- Compliance Management White Paper
- HIPAA Audit Program
- Security Audit Program
- Supply Chain ISO 28000 Audit Program
- PCI Audit Program
- Compliance Management Job Descriptions (25 key positions)
- Record Classification and Management
- Privacy Compliance Policy that address the EU's GDPR and the latest California Consumer Privacy Act
- Security Manual Template - Word - 240 plus packed pages which are usable as is. Over 3,000 companies worldwide have chosen this as the basis for their best practices to meet mandated US, EU and ISO requirements
IT Governance Compliance - COBIT Compliance Kit |
Order |
The kit includes:
- Compliance Management White Paper
- Record Management and Destruction Policy Template
- IT Governance Infrastructure, Strategy, and Charter Template
- Disaster Recovery Business Continuity Template
- Practical Guide for IT Outsourcing
- Service Level Agreement Policy Template with Sample Metrics
- Metrics for the Internet, Information Technology, and Service Management
- IT Service Management (ITSM) Service Oriented Architecture (SOA)
- Internet and Information Technology Position Descriptions HandiGuide
- HIPAA Audit Program
- Security Policies and Procedures Template
- Security Audit Program
- Business and IT Impact Questionnaire
- IT Salary Survey
See also CIO IT Infrastructure Policy Bundle
