Sensitive Information Policy

Updated to meet the latest mandated standards
Includes a definition of what sensitive information is

Electronic Sensitive Information Policy Compliance Agreement Form Included for Easy Depolyment of Policy

Includes User Bill of Rights for Sensitive Data and Privacy

Sensitive Information PolicyWith identify theft and cyber attacks on the rise, you're facing new pressures to protect sensitive information. In fact, in 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices
such as:

  • Implementing an information security program
  • Encrypting data
  • Notifying customers in the event of a security breach that compromises unencrypted personal information

To protect sensitive information, many states are now required to implement security programs that include capabilities for incident monitoring and alerting, trend reporting, logging, security information management (SIM), and other prudent security controls and practices.

Order Sensitive Information PolicyDownload Selected Pages
This policy is easily modified and defines how to treat Credit Card, Social Security, Employee, and Customer Data. The template is 34 pages in length and complies with Sarbanes Oxley Section 404, ISO 27000 (17799), and HIPAA.  The electronic word form that is provided can be delivered electronically, completed via computer, and filed electronically. The PCI Audit Program that is included is an additional 50 plus pages in length.

The Massachusetts and California mandated requirements were specifically included as part of the policy.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) , co-location providers, and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).  

The HIPAA Audit Program Guide provides you with a checklist of the must be implemented items which HIPAA mandates. (see also Nationalized ID)

The policy contains text that can be used immediately. For example::

General Policy Statement

The Chief Security Officer or delegate must approve all processing activities at ENTERPRISE associated with sensitive information. This information includes but is not limited to social security numbers, credit card numbers, credit card expiration dates, security codes, passwords, customer names, customer numbers, ENTERPRISE proprietary data, and any other data (i.e. California Personal ID number) that is deemed to be confidential by ENTERPRISE, its external auditors, any governmental agency, or other body that has jurisdiction over ENTERPRISE or its industry.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
All processing, storage and retrieval activities for sensitive information must maintain the strict access control standards and the Chief Security Officer mandates the these specific polices be followed.

You can download the Table of Contents and some sample pages by clicking on the link below.
Order Sensitive Information PolicyDownload Selected Pages

Other Policies

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.

We have just completed a major update of most of the individual polices and almost all of the electronic forms.

Note: Look at the Practical Guide for Outsourcing over 110 page document for a more extensive process for outsourcing


Current Information Technology News


Mobility and computing recent articles

Mobility computing articles that are must reads

Mobility PolicySome recent articles on mobility and computing:

Order

- more info


Staffing Issues CIO Need to be Aware of

Staffing Issues the CIO Needs to be Aware of

Overseeing staffing, a hat that many CIOs wear, may mean having to make crucial decisions about hiring and policy, performance management and discipline, and employee terminations.

Five employment law issues should be on the radar of CIOs who oversee the staffing function.

  1. State and Local Wage and Hour Laws - Laws governing hours of work and payment of wages are a leading source of employee claims.
  2. Federal, State, and Local Leave Laws - Similarly, different states and cities may have medical leave and paid sick-time laws that differ significantly from what CIOs are familiar with under federal law or the law in the the company's headquarters state.
  3. Independent Contractors - Claims by individual contractors alleging that they were misclassified and should have been treated as employees are now very common.
  4. Separation Agreements - Using a one-size-fits-all separation agreement may result in paying an employee severance pay and not getting an enforceable release of all legal claims in return.
  5. Using Contracts to Protect Business Info and Customer Relationships -  CIOs of growth companies may need to be responsible for evaluating whether the company is taking the steps to ensure that, if necessary, restrictive employee contracts will be enforced by courts to the greatest possible extent.

Order IT Job Description

Sample job description

Download Selected IT Job Descriptions

- more info


Is your enterprise prepared for Brexit?

Is your enterprise prepared for Brexit?

Brexit issuesHere are some of the questions that need to be answered:

  • It will take at least two years for the UK to disentangle from the EU. How will this period of uncertainty affect our company? Compliance? Security?
  • How much business do we conduct with Europe?
  • Would a less regulation hurt us?
  • Would a delay in a new compliance rules with Europe hurt us?
  • Freedom of movement within the EU is already changing. What further outcomes could UK departure cause both for EU citizens who want to work here and UK citizens who work in Europe? Mobility issues?
  • Will there be any potential staffing problems?
  • Will Brexit have any impact on our suppliers and our supply chain?
  • If EU regulations no longer apply where might the UK government impose new regulations?
  • Could the swift decline in the value of the pound hurt us?

Order Compliance Kit

- more info


Will EU privacy requirements kill US based cloud processing

Will EU privacy requirements kill US based cloud processing

EU privacy requirementsEUs new privacy regulations require that data remain in the EU.  That means that companies must build on-premises applications in Europe to house this information. Costs are high include on-premises servers, in annual licensing fees, payroll and human resources systems, and additional head count, not to mention ongoing training and support expenses. and human resources systems, and additional head count, not to mention ongoing training and support expenses.

Order Cloud Outsourcing TemplateDownload Selected Pages

- more info


Password Security Tip

Password

Use a password in only one place. Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.

Order Security ManualSample DRP
- more info


Top 10 Cloud postings

Top 10 cloud postingsTop 10 Cloud postings

Order Cloud Outsourcing Template  Download Selected Pages

- more info


Demand for wearable devices explodes

Demand for wearable devices explodes

Wearable vendors shipped 27.4 million devices in the fourth quarter of 2015. That is almost 130% more than the last quarter of 2014  For the whole year, worldwide wearable shipments amounted to 78.1 million devices, up 171.6 percent from 2014.

The triple-digit growth shows that "wearables are not just for the technophiles and early adopters.

Wearable Device Policy

The use of wearable devices that can capture and broadcast video, voice, data and location information is increasing at an accelerated rate

Janco addresses the security, privacy and reputation management issues for a world in which wearable devices have cameras, microphones, massive data storage and INTERNET connectivity


 Download Selected Pages


Mobility Policy Bundle
 (more info...) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable

  • BYOD Policy Template (more info...) Includes electronic BYOD Access and Use Agreement Form
  • Mobile Device Access and Use Policy (more info...)
  • Record Management, Retention, and Destruction Policy (more info...)
  • Social Networking Policy (more info...) Includes electronic form
  • Telecommuting Policy (more info...) Includes 3 electronic forms to help to effectively manage work at home staff
  • Travel and Off-Site Meeting Policy (more info...)
Order
- more info


Physical security now a major concern of CIOs

Terrorist AttackPhysical security now a major concern of CIOs

With the recent terrorist attack physical security is seen as growing concern for all organizations. Among the ranks of potential threats that organizations face, acts of terrorism is an increasing concern.

More than one half of all CIOs that we have talked to have expressed concern about the possibility of both an act of terrorism or a security incident such as vandalism, theft or fraud disrupting their organization.

Order Security Manual Download Selected Pages 

- more info