JancoJanco Forum

News Feed

Feed
Description

Janco Mobile Pages

Join Now

Home
Search
Templates
Salary Survey
HandiGuides
Job Descriptions
Individual Policies
Compliance Tools
White Papers
Update Service
Bundles & Special Offers
Software
Promotions
About Us

SOX, HIPAA, ISO Compliance

Sensitive Information


 

 

 

 

Sarbanes Oxley Compliance

Sarbanes-Oxley Compliance Kit

 

 

Sarbanes-Oxley Section 404 requires that:

  • Enterprises have an enterprise wide security policy;

  • Enterprises have enterprise wide classification of data for security, risk, and business impact;

  • Enterprises have security related standards and procedures;

  • Enterprises have formal security based documentation, auditing, and testing in place;

  • Enterprise enforce separation of duties; and

  • Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.

SOX adopted the COSO model of controls, which is the same model that SAS 70 audits have utilized since inception. SOX heightened the focus placed on understanding the controls over financial reporting and identified a type II SAS 70 report as the only acceptable method of obtaining third-party assurance regarding the controls at a service organization. Security "certifications" are excluded as acceptable substitutes for a type II SAS 70 audit report.

 In addition the ISO 27000 standard is used in SAS 70 reports.  The Security Manual Template contains an ISO 27000 Security Process Audit Checklist.  These two items directly address a service organization's descriptions of controls.  The auditor can use these to help them in the evaluation of the service organization's control framework.

Preparation for Disaster Recovery / Business continuation in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the DR plan exists and will appropriately protect the data.

To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum) contains:

  • Security Policies (all editions);

  • Threat & Vulnerability Assessment Tool (all editions);

  • Business & IT Impact Questionnaire Risk Assessment Tool (all editions);

  • Safety Program Template (all editions);

  • Disaster Recovery Template (all editions);

  • Outsourcing guide update to reflect what you vendors need to do (all editions);

  • Software tool to monitor key data files (all editions);

  • Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions) and;

  • IT Service Management Template (Platinum Edition) includes

    • Service Request Policy and Standard

    • Help Desk Policy, Procedure, Standard, and Service Level Agreement

    • Change Control Standard, Quality Assurance Standard, and Management Workbook

    • Documentation Standard

    • Version Control Policy and Standard

    • Sensitive Information Standard

    • Blog and Personal Web Site Policy

    • Travel and Off-Site Meetings Security Policy

    • Internet, e-mail and electronic communication Policy

See Table Below

Component

Standard Silver Gold Platinum

Security Manual Template

x x x x

Threat & Vulnerability Assessment Tool

x x x x

Business & IT Impact Questionnaire Risk Assessment Tool

x x x x

Safety Program Template

x x x x

Outsourcing guide

x x x x

DiskMonitor (Desktop)

x x x x

Internet and IT Job Descriptions (PDF Format)

  x x x

Internet and IT Job Descriptions (Word Format)

    x x

Internet and IT Job Description HandiGuide (PDF Format)

      x

Service Request Policy and Standard

      x

Help Desk Policy, Procedure, Standard, and Service Level Agreement

      x

Change Control Standard, Quality Assurance Standard, and Management Workbook

      x

Documentation Standard

      x

Version Control Policy and Standard

      x

Sensitive Information Standard

      x

Blog and Personal Web Site Policy

      x

Travel and Off-Site Meetings Security Policy

      x

Internet, e-mail and electronic communication Policy

      x

 

 

Security Template

Security Manual 

                                              
The plan is over 215 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement.  The electronic document includes proven written text and examples for your security plan.

 


 

Disaster Recovery Planning TemplateDisaster Recovery Plan (DRP)

                 
This Disaster Recovery Plan (DRP) can be used as a template for any enterprise.   DRP is sent to you via e-mail in WORD and/or PDF format. Included is a 13 page Business Impact Questionnaire as well as a 3 page Job Description for the Disaster Recovery Manager. 



IT Job DescriptionsIT Job Descriptions

                           

The 192 Internet and IT Position Descriptions are in Word for Windows format.  Includes positions from CIO and CTO to Wireless and Metrics Managers. 
 

 

 

IT Service Management ITSM ITILThe IT Service Management Template

                          
The  IT Service Management Template contains policies, standards,  procedures and metrics for Change Control, Help Desk and Service Request processing.  ITSM template also contains several easy to implement forms and conforms with ITIL.

 

 Practical Guide IT Oursourcing

Practical Guide for IT Outsourcing

               

The guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise. 

 

 

 


 

 

Safety Program TemplateSafety Program Template

Safety Program is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirement.  The Safety was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).
 

 

DiskMonitorDiskMonitor                                                                              

Network Administrators,  DRP Coordinators, and Security Managers - can use DiskMonitor (DSM) to view drive and folder usage. Local drives as well as network shares are supported. UNC pathing and Drive$ shares are supported as well.

View The Features and Functions

 

 

 

 

 

Site Map

Ingrained Depositary Needed good terms Dallas Hoeing directory about Sarbanes-Oxley 404 acceptance roll and empirical. Well-versed spite of Microsoft Newsworthiness, Be born for, and PowerPoint. Quickness till ravel out willfully. Scheming 60% conduction- trivial perch- 25% ... more

Carbox -- The Next New Revenue Frontier For Lawyers Most likely, you've heard of Sarbanes-Oxley Act, which requires companies to disclose to investors any business risks facing the company. Now there's a new hybrid -- Carbox -- which refers to a company's obligation under SOX to disclose ... more

IPO Drought for Venture Capital Sarbanes Oxley, by the way, is a big deal for some companies … that’s the law that requires a collection of new hoops regarding documentation and securities and so forth, that companies have to jump through to go public. more

Trouble handling risk Still, this survey will provide more ammunition for the SOX-bashers. See full article. Related Entries:. New probe to change Sarbanes-Oxley: the fix is in - 13 September 2006. Audit committees without accountants - 30 November 2006 ... more

Internal Audit Manager/Director •Serve as internal liaison for Sarbanes Oxley (SOX) compliance and testing company wide (404 & 302). •Review, establish, and re-develop corporate policy & procedure documentation. ***Please e-mail resume ASAP directly to ... more

SENIOR PROJECT ANALYST Position Purpose: Provide management with timely plans and analysis to facilitate successful execution and completion of the Annual Internal Control Program with a primary focus on Sarbanes-Oxley (SOX) 404 work. ... more

Sarbanes-Oxley Analyst Robert Half Management Resources is looking for a Sarbanes-Oxley analyst for a Portland area public company that has a need for an experienced Sarbanes Oxley analyst to assist with the review and implementation of their controls testing ... more

MySQL DBA Must have significant experience working in a team environment. Must have experience working with customers – both external and internal Specific expertise that is of particular interest to us: Security SOX (Sarbanes/Oxley) ... more

Sarbanes-Oxley: It's Delicious and (Mostly) Good for You oversight needed to be relaxed, otherwise the US -- New York City in particular -- the SOX-ripping still continues. Tuesday, the National Venture Capital Association that 57 percent of its members. more

Sarbanes-Oxley: It’s Delicious and (Mostly) Good for You Zubin Jelveh submits: On the day Treasury Secretary Paulson calls for tougher banking regulation, it's worth remembering that less than two years ago, the Paulson-backed Committee on Capital Markets Regulation was campaigning for the ... more

News HTML
SAFE Shopping

© 2000 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 06/10/08