Business Continuity & Disaster Recovery Template

Disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters.

The DRP template includes everything needed to customize the Disaster Recovery Plan to fit your specific requirements.


Security Manual Template

Most companies have initiated the necessary steps to safeguard their company assets. Information security has moved from a business cost to a business enabler. However, new threats and technologies are constantly and rapidly changing the network landscape. System administrators must scan the network continually for known security weaknesses, keep their skills current and, most important, reexamine corporate security policies periodically.

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step.


Job Descriptions

The Internet and IT Position Descriptions HandiGuide® was completed in 2010 and is over 650 pages, which include sample organization charts, a job progression matrix, and 231 Internet and IT job descriptions. The book also addresses Fair Labor Standards and the ADA, and is in a new easier-to-read format.


IT Infrastructure Strategy Charter

IT Infrastructure, Strategy, and Charter Template

ISO 27000 Series Compliant
SOX, HIPAA and PCI-DSS Compliant


With the explosion of technology into every facet of the day-to-day business environment, there is a need to define an effective infrastructure to support the operating environment; have a strategy for the deployment and technology; and clearly define responsibilities and accountabilities for the use and application of technology.

The template comes as both a WORD document utilizing a CSS style sheet that is easily modifiable. 

Included with the template are a HIPAA Audit Program Guide and an ISO 27001 and ISO 27002 Security Process Audit Checklist.  The Template is over 125 pages in length (the full table of contents can be downloaded by clicking on the link above) and the topics covered include:

  • IT Infrastructure, Strategy, and Charter Summary (see sample page)
  • Strategy and Charter Statement of Authority
  • IT Management Structure
  • Compliance
  • Personnel Practices
  • Controls
  • Application Development Standards
  • Service Requests
  • Local Area Network
  • Back-up and Recovery
  • Disaster Recovery Plan
  • Security
  • Access Control - Physical Site
  • Access Control - Software and Data
  • Facility Requirements
  • ISO 27001 & ISO 27002 Audit Checklist
  • HIPAA Audit Program
  • Full Job Description for CIO large enterprise
  • Full Job Description for CIO small enterprise
Special Offer - Premium and Gold Editions - Update Service Available
The IT Service Management Template and 220 IT and Internet Job Descriptions are available with the Premium and Gold editions.

The IT Service Management Policy Template is a 130 page document that contains policies, standards,  procedures and metrics that comply with the ITIL Standard.  Chapters of the template include:

  • Service Requests Policy
  • Service Request Standard
  • Help Desk Policy
  • Help Desk Standards
  • Help Desk Procedures
  • Help Desk Service Level Agreement
  • Change Control Standard
  • Change Control Quality Assurance Standard
  • Change Control Management Workbook
  • Documentation Standard
  • Application Version Control Standard
  • Version Control Standard
  • Internet Policy
  • e-Mail Policy
  • Electronic Communication Policy
  • Blog & Personal Web Site Policy
  • Travel and Off-Site Meeting
  • Sensitive Information Policy
Manage Critical Steps in Infrastructure Definition
Defining your optimal IT infrastructure is a critical task that can no longer wait, given all of the changes mandated by Sarbanes-Oxley and changes to your operating environment. The template helps you:
  • Understand and explain what infrastructure is, enabling you, your constituents, and the executive team to manage the organization's technology environment more effectively.
  • Analyze the current state of your infrastructure so you know where it works well and where to focus improvement efforts.
  • Justify infrastructure spending, using the template's comprehensive definitions and ready-to-use examples to link IT infrastructure and your company's bottom line.
  • Prioritize your resources with a prescriptive toolset that lets you focus your efforts.
An Essential Strategic Advantage for Your IT Team
Implementing a cost-effective IT infrastructure that aligns with your organization's business strategy is essential to ensuring the success of the Information Technology function. For many IT professionals, the amount of time it takes to develop and implement such an infrastructure, and the unknown process required to complete it, make infrastructure design and implementation a daunting task. The IT Infrastructure, Strategy, and Charter Template draws on the experiences of some of the best IT and business operations executives in the industry to provide you with the right shortcuts.

Infrastructure, Strategy, & Charter News




How companies protect laptops is an issue

More than 50% of organizations surveyed have indicated that they protected sensitive information with encryption software. A further 43% reported the use of asset tracking software. Simply knowing where all mobile computers are located is a powerful security measure; however, traditional IT asset management solutions are designed to track only those laptops that connect over a local area network (LAN) or virtual private network (VPN) connection. For a large proportion of laptop users, returning to head office is an intermittent event, allowing many laptop computers to remain below the radar of IT.

Encryption software is commonly referred to as the computer security fallback. In the event that a computer protected by organizational policy and physical deterrents is stolen, sensitive information on the laptop is made unreadable by encryption. For encryption software to be effective, however, laptop users must consistently and accurately follow company encryption policy. Even more worrisome is the fact that more than 30% of companies believe employees are actively involved in the theft of company computers. Armed with the necessary passwords and encryption keys to access data, disgruntled or dishonest employees represent a threat that cannot be addressed by encryption alone.

The common failing of these laptop security measures is the fact that they are heavily reliant on the diligent action of laptop-using employees to remain effective. If a cable lock is not used, an authentication password is taped to the keyboard for convenience, or a regular encryption process is not completed, organizations remain unnecessarily vulnerable to public data breach. By the same token, complex, expensive and ultimately productivity-dampening security measures may be effective but greatly reduce the benefits of laptop computers. Endpoint security solutions complement other security measures by providing a final, user-independent layer of protection.




Data breaches continue to be CIOs' concern

The FBI received a record number of complaints in 2008, and the associated direct cost of the frauds carried out with stolen data was $265 million versus $235 million in 2007. Adding to this is the challenge of securing personal information and intellectual property data. Companies are granting access to more systems and information - bank customers access account balances; workers maintain their own 401k and investment accounts; web shoppers place orders and make purchases with a single click; and business partners work on projects in a collaborative manner online.

To reduce the risk of a data breach or theft, organizations must adopt new tactics.  In addition, companies must address e-mail and Web security along with employing a functional data loss and prevention strategy.  The application of multiple security techniques is required to reduce risk. For example, there must be a way to control spam and block the downloading of malicious software from poisoned Web sites.  In today's open Web 2.0 and social networking environments, companies need a way to defend against attacks and protect secret or sensitive data.  At the same time, they must maintain a flexible and responsive infrastructure to support today's business working habits.

The Janco Security Manual Template has helped over 2,000 enterprises worldwide to meet these requirements.



Pandemic Disaster Recovery Plans At Risk

Pandemic disaster recovery planning should consider the impact the H1N1 flu virus could have on the Internet if workers and students are forced to stay home because of the pandemic. Officials at the U.S. Government Accountability Office weighed in on the potential for clogged networks in a 71-page report.

Although the issue has been raised before by various ISPs and network carriers, recent worries have focused on securities firms that depend on third parties to clear trades and process payments over the Internet, according to the GAO.

"Internet congestion during a severe pandemic that hampers teleworkers is anticipated, but responsible government agencies have not developed plans to address such congestion and may lack clear authority to act," the GAO warned.

Internet backbone congestion from a pandemic is not a major concern. The larger problem may be with the network "edge" or "last mile" in the residential portion of the Internet. Janco says that work-at-home strategies for organizations may not work as advertised, as residential Internet access may not be sufficient. This is true for both capacity and bandwidth at work-at-home sites.

Often many residential DSL users could share a single DSLAM connection at the carrier's switching office to reach the backbone, contributing to congestion problems. Last-mile DSL and cable modem networks are where remote access falls apart.

While the network edge impact would vary by neighborhood, the Centers for Disease Control planning guideline assumes that 40 percent of the workforce might not be in the workplace for an extended period of time during a pandemic.



Best Practices for CIOs and IT Departments

Business continuity is not just a good business practice - it can mean success or failure if data and applications on a production server are lost. Disaster recovery planning ensures organizations have the capability to continue essential functions across a wide range of situations that could disrupt normal operations. High availability is the cornerstone for most business continuity plans and is one of the reasons for evaluating and deploying data protection solutions. However, traditional data protection strategies focus on just the data and not the application.

CIOs and IT departments design the organization's infrastructure with continuity of business operations in mind. However, most organizations are not doing enough to protect mission-critical data, applications and systems from unexpected disruption and potential loss. Volatilities such as viruses, power outages, natural disasters, corruption, human error and media failures can't always be prevented. Environments today are characterized by rapid data growth, complexity, stringent business requirements and increasing government regulations, making it difficult for organizations to get their arms around their data protection strategies. In many cases, the focus is on just protecting data - not necessarily on recovering it. And when there is a focus on recovery, it usually involves just making data available to an application.



Audit Fatigue is Setting In for Some

(Internet Research Group) - Regulation is a part of business, regardless of company size, industry, or geography. In addition, for the most part, the larger the enterprise, the larger the potential for non-compliance risk. Non-compliance can mean a number of things - sanctions, fines, legal action, market value impact - and the cost of remediation may exceed the perceived cost of prevention. An audit program is required.

The results support the term audit fatigue: unmanaged IT Audit efforts within regulated organizations have a negative business impact on IT resources and reduce IT efficiency. However, respondents are largely aware of and interested in tools to automate audit processes and controls as a means of overcoming audit fatigue and freeing up IT budget and resources for innovation rather than compliance. This results in the following:

  • Compliance impact is increasing, resulting in high audit frequency and number: As can be expected, larger organizations must satisfy a number of IT audits. Small to mid-sized enterprises (SMBs) are also subject to an increased level of compliance requirements - resulting in higher than expected IT audit engagements. Given the lack of consistent IT standards across industries and geographies for audit criteria and reporting, compliance efforts - i.e., IT audit and remediation - are largely manual.
  • Audit costs are unmanaged, resulting in increased cost: Many respondents conduct audits on an ad-hoc basis rather than as a scheduled effort of an enterprise risk-management program. Given the inability to forecast audit and remediation spending, budgetary control is lost - exacerbating the perceived impact of compliance efforts.
  • Lack of controls automation, limited process maturity: Audit fatigue can be attributed to lack of controls automation and unmanaged IT Audit processes. Limited controls maturity - i.e., repeatable and sustainable controls enforcement and audit processes - constrains IT innovation due to uncontrolled costs associated with IT Audit and issue remediation.



CIOs controlling costs in the new year

As CIOs move into the New Year they are faced with reduced budgets and rising costs. One of the first things they are doing is establishing standardized metrics to identify and control costs. Metrics are the key.

As that process proceeds, Janco suggests that CIOs then do the following to control costs in the new year:

  • Justify hardware and applications - Underutilized or old systems should be taken out, and workloads should be shifted to more-efficient hardware. Rationalization and consolidation programs can reduce the number of servers deployed.
  • Consolidate data center sites and server farms - Financial savings often follow consolidation of multiple sites into a small number of larger sites.
  • Manage energy and facilities cost - Tools and techniques include raising the temperature of the data center to 75 degrees Fahrenheit, using outside air when possible as an alternative to air conditioning, setting up hot aisle/cold aisle configurations and deploying server-based energy management software tools to run workloads the most energy-efficient way.
  • Manage the employee and contractor costs - Workers remain the single largest cost element for most IT organizations, accounting for as much as 50% of overall costs.
  • Eliminate or defer procurement of new assets - Servers' useful life often exceeds their amortized life, so monitor the condition of hardware carefully.
  • Monitor energy consumption - Advanced monitoring, modeling, and measuring techniques and processes are essential to the adoption of many new technologies and going green.



Security Manual Template

As enterprises move more of their business transactions online, they face the challenge of defending a perimeter that grows increasingly porous. The network firewalls that once locked down the enterprise perimeter are ineffective against Web-based threats such as SQL injection, cross-site scripting, and DDoS attacks. By exploiting common Web application security flaws, these attacks are able to cause tremendous business disruption, particularly through the theft of sensitive enterprise information as well as customer and employee personal data.

Security Manual Template

ISO 27000 / HIPAA / SOX / CobiT Compliant
Includes PCI DSS Audit Program

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis
  • Staff member roles
  • Physical security
  • Electronic Communication (email / Smartphones)
  • Blogs and Personal Web Sites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Employee Termination Procedures and Forms
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document
  • Security Compliance Checklists
  • Massachusetts 201 CMR 17 Compliance Checklist




Safety Program Updated by Janco

Effective management of worker safety and health protection is a decisive factor in reducing the extent and the severity of work-related injuries and illnesses. Effective management addresses all work-related hazards, including the potential hazards that could result from a change in worksite conditions or practices. Additionally, it addresses hazards whether or not they are regulated by government standards.

The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

  • Policy Statement
  • Safety Rules - including a check list of standard proven rules
  • Accident Investigation Process
  • Hazard Recognition and Control
  • Safety Committee including membership and procedures
  • Training including guidelines for orientation, job instruction, Supervisor training as well as specialized training
  • Communication including for management and employees
  • Record Keeping including inspection; accident investigation; training and coordination with Safety Committee.
  • Job Description for Safety Director (ADA compliant)
  • Technical Appendix including definition of necessary phone numbers and contact points; and sample forms:
    • First Report of Injury
    • Safety Audit Checklist
    • Alternate Work site Safety Checklist (i.e. work at home)


There is an extensive description that shows how a full test of the Safety Program can be conducted. 




Security Manual Template gives CIOs one more tool

A business-driven approach to security is different from a technology-centric approach in that the business goals drive the requirements in securing the enterprise. Many enterprises take a bottom-up approach to security since security solution vendors, more often than not, promote this approach to their clients. To close identified security gaps, enterprises broaden and bolster their defenses by continually building on top of or adding to their existing security investments. This technology-centric methodology often creates an excessively complex and disjointed security infrastructure. It becomes difficult to manage and prone to unseen vulnerability gaps, needlessly escalates IT costs and eventually fosters unnecessary operational inefficiencies that inhibit business growth rather than enhance it.

Instead of trying to protect against every conceivable threat, organizations should understand and prioritize the security risk management activities that make the most sense for their organization. By understanding the level of risk tolerance within an organization, the IT team can more easily focus on mitigating risks that the organization can't afford to neglect. Overemphasizing certain risks leads to wasted resources and efforts, while underemphasizing others can have disastrous consequences.

The Janco Security Manual template addresses these issues and gives CIOs a quick way to overcome them.



How to establish a telecommuting policy - Infrastructure

Organizations that have or want to establish a companywide telecommuting program should establish a formal, written telecommuting policy document that is regularly reviewed and updated by IT, human resources, legal, and finance. This will ensure that managers and the corporate services and technical support groups within the organization are aware of their respective roles and responsibilities for enabling and supporting telecommuting. It also will help ensure that telecommuting employees know about their responsibilities too, along with new company and approved third-party applications and support services available outside company facilities.