Sensitive Information Policy

Updated to meet the latest mandated standards
Includes a definition of what sensitive information is

Electronic Sensitive Information Policy Compliance Agreement Form Included for Easy Deployment of Policy

With identity theft and cyber attacks on the rise, you’re facing new pressures to protect sensitive information. In fact, 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices such as:

  • Implementing an information security program
  • Encrypting data
  • Notifying customers in the event of a security breach that compromises unencrypted personal information

To protect sensitive information, many states are now required to implement security programs that include capabilities for incident monitoring and alerting, trend reporting, logging, security information management (SIM), and other prudent security controls and practices.

This policy is easily modified and defines how to treat Credit Card, Social Security, Employee, and Customer Data. The template is 34 pages in length and complies with Sarbanes Oxley Section 404, ISO 27000 (17799), and HIPAA. The electronic Word form that is provided can be delivered electronically, completed via computer, and filed electronically. The PCI Audit Program that is included is an additional 50 plus pages in length.

The Massachusetts and California mandated requirements were specifically included as part of the policy.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers), co-location providers, and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).

The HIPAA Audit Program Guide provides you with a checklist of the items that HIPAA mandates must be implemented. (see also Nationalized ID)

You can download the Table of Contents and some sample pages by clicking on the link below.

The policy contains text that can be used immediately. For example:

General Policy Statement

The Chief Security Officer or delegate must approve all processing activities at ENTERPRISE associated with sensitive information.  This information includes but is not limited to social security numbers, credit card numbers, credit card expiration dates, security codes, passwords, customer names, customer numbers, ENTERPRISE proprietary data, and any other data (i.e. California Personal ID number) that is deemed to be confidential by ENTERPRISE, its external auditors, any governmental agency, or other body that has jurisdiction over ENTERPRISE or its industry.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
All processing, storage and retrieval activities for sensitive information must maintain strict access control standards, and the Chief Security Officer mandates that these specific policies be followed.


Other Policies

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be emailed, filled out completely on the computer, routed and stored electronically -- a total solution.

We have just completed a major update of most of the individual policies and almost all of the electronic forms.

Note: See the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive outsourcing process.


Current Information Technology News


Most security breaches are not discovered for over 9 months

July 30th, 2015

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data. CIOs, data center operators, network administrators, and other IT professionals need to comprehend the basics of security in order to safely deploy and manage data and networks.

Most companies take over 9 months to discover a breach has occurred, often only when notified by outside parties. Surprisingly, a recent research study showed that more than 90% of successful breaches used only the most basic techniques. Today's advanced breaches can work over weeks or months, sending small, innocuous packets to command-and-control servers while capturing secure or regulated information from your systems.



10 Commandments of Disaster Recovery and Business Continuity that guarantee success

July 2nd, 2015


Following the 10 commandments of disaster recovery and business continuity is the key to successful planning and execution of those plans.

  1. Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
  2. Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
  3. Be aware of current events: Understand what is happening around the enterprise – know if there is a chance for a weather, sporting or political event that can impact the enterprise’s operations.
  4. Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
  5. Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
  6. Centralize information – Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal or cloud, helps avoid the need to hunt for documentation, which can compound a crisis.
  7. Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing— silo testing alone does not accurately reflect multiple applications going down simultaneously.
  8. Retest regularly: Organizations should take advantage of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
  9. Perform comprehensive recovery and business continuity tests: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
  10. Define metrics and create scorecards: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.



Security issues that CIOs need to manage

July 1st, 2015

Security is a critical issue, as related in several posts:



SEC requires security threats to be reported in 10-Ks

June 8th, 2015

The SEC now requires companies to report cybersecurity risks in their 10-Ks, and advises them to include even possible threats whose disclosure is not currently mandated by state breach-notification laws.

The SEC feels that it is better to make disclosures if a company has had a number of incidents, even if they are not individually material.



GPS puts us closer to 1984 as predicted in Sept 2000 in PSR Reviews

May 28th, 2015

Back in September of 2000, M V Janulaitis in PSR Reviews predicted that we were moving into a period when Orwell’s 1984 would be a reality. Today, with the new legislation for the USA Freedom Act (replacement for the Patriot Act), NSA data gathering, and even TV shows that show how we all can be and are tracked, privacy is now a luxury that is only available in areas where there is no cell or wifi coverage. Two historic issues that you may want to read are:

  • 2000 is Closer to 1984 Than You Think
  • Face Recognition By Computer is a Reality

  • Electronic Sensitive Information Policy



    C-Level executives within IT Articles

    May 12th, 2015

    C-Level executives within IT Related Articles

    Chief Information Officer - Chief Technology Officer

    1. IT Job Descriptions Released  IT Job Descriptions have just been updated in the IT Position Descriptions HandiGuide Janco announced today the release of IT Job Descriptions in...
    2. Is It Time To Appoint a Chief Mobility Officer  Is the time right to create a Chief Mobility Officer (CMoO) position The time has arrived to legitimize and define the role of the chief...
    3. Is a Chief Mobility Officer necessary  Chief Mobility Officer now almost a necessity The idea of a company having a chief mobility officer (CMO) is not a new one. But as...
    4. 10 reasons why organizations need a Chief Mobility Officer (CMoO) Chief Mobility Officer (CMoO) business case Here are ten reasons your company needs a chief mobility officer: To deliver mobility solutions for the enterprise to...
    5. Released Internet and Information Technology Position Descriptions HandiGuide,  Internet and Information Technology Position Descriptions HandiGuide, Janco has released the Internet and IT Position Descriptions HandiGuide® which is over 700 pages; includes...


    CFO to hold back on spending - Will that mean a pull back in IT

    April 27th, 2015

    CFO Magazine reports that the April 2015 Corporate Cash Indicators show more financial executives will be a little less free with their cash expenditures this quarter. Since over 40% of all CIOs report to the CFO, this could mean there will be a pull back on IT expenditures.



    CIO Best Practices Digest

    April 14th, 2015


    1. Top 10 issues for CIOs in 2014 Top 10 issues for CIOs in 2014 The top 10 issues that CIOs need to address in 2014 are driven by the current economic and...
    2. Top 10 CIO Leadership and Management Traits CIOs and IT Managers who are successful have some common leadership  and management traits Are one of the people and able to get their hands...
    3. Top 10 Things a CIO Needs to Add Value  Top 10 for CIOs -What does the CIO have to do to be viewed as a business person versus a technologist?  There are many strategies...
    4. Top 10 CIO Productivity and Budgeting Issues  CIO – Productivity Kit The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
    5. CIOs Drive Enterprise Management Processes  IT Infrastructure is key to CIOs leading enterprises in their management processes CIOs and other members of the IT management team could be the reason...


    H-1B program runs amuck

    April 9th, 2015


    Information technology workers at Southern California Edison (SCE) are being laid off and replaced by H-1B workers from India. Some employees are training their replacements, and many have already lost their jobs.


    Many US IT pros are upset and say they can't understand how H-1B guest workers can be used to replace US workers given the current economic conditions.

    The SCE IT organization is expected to lay off about 400, with another 100 or so employees leaving voluntarily.



    21 States have unemployment rates of 6% or higher

    March 17th, 2015

    States with High Unemployment - 21 States have 6.0% or greater unemployed 

    High unemployment states



    Many companies lack basic security protocols, such as two-factor authentication

    March 2nd, 2015

    Companies are increasingly reliant on third-parties to notify them that their security has been compromised.

    Companies are continuing to find cyber attackers sooner. In the latest annual cyber-threat report the average time a company takes to detect a data breach fell to 205 days in 2014, down from an estimated 229 in 2013 and 243 in 2012.

    But as cyberattacks increase in complexity and sophistication, companies don’t always have the in-house resources to detect them. As a result, only 31% of organizations discovered they were breached through their own resources last year, compared with 33% in 2013 and 37% in 2012.

    Business and professional services and retail operations saw the most online intrusions from malicious hackers in 2014. A common thread in these breaches is a lack of basic security protocols, such as two-factor authentication. Without two-factor authentication safeguards, a single stolen credential, obtained through phishing campaigns or social engineering, can leave an entire network vulnerable.


  • Security Manual Template (Policies and Procedures) (ISO Compliant)
  • Security Manual Template and Audit Program
  • Security Manual Template and Disaster Recovery Business Continuity Template Bundle
  • Security Manual Template, Disaster Recovery Business Continuity Template, and Safety Program Bundle
  • Security Manual Template and Disaster Recovery Business Continuity Template Audit Bundle
  • Payment Card Industry (PCI) Data Security Audit Program
  • Payment Card Industry (PCI) Data Security Standard PCI-DSS Compliance Kit
  • Security Audit Program
  • Patriot Act Security Bundle
  • Compliance with HIPAA Standards
  • Compliance with FIPS 199
  • Threat and Vulnerability Assessment
  • Threat Risk Assessment Extended Service


    Disaster Recovery and the Cloud best and worst practices defined

    February 10th, 2015

    Disaster Recovery and the Cloud best and worst practices are defined in the articles listed below

    1. Outsourcing top 10 reasons why it fails  Top 10 reasons why outsourcing fail 10 reasons why outsourcing arrangements fails No clearly defined long-term strategic organizational objective is defined – the outsourcing arrangement...
    2. Top 10 Reasons Cloud Solutions are Expanding  Top 10 Reasons Cloud Computing is Exploding As CIOs and businesses move organizations towards cloud solutions and processing there are many benefits.  The top 10...
    3. Disaster Plans now include cloud  More CIOs opt for Disaster Plans that include the cloud Once a CIO includes a cloud provider in their disaster plans the flood gates are...
    4. Many CIOs have not addressed cloud security issues  Less than 50% of all organizations have policies in place that for vetting cloud computing applications for possible security risks before deploying them. The number...
    5. 10 reasons to move Disaster Recovery to the Cloud  Top 10 reasons why the cloud makes sense for disaster recovery planning Cloud data disaster recovery protection solutions offer a combination of the latest advancements...


    IT salaries are moving up across the board according to Janco

    January 24th, 2015

    2015 IT Salary Survey shows that salaries for IT Pros are moving up as 112,000 jobs were added in 2014

    The 2015 Salary Survey, just released by Janco Associates and eJobDescription.com, is good news for IT Professionals.  The survey shows that hiring and salaries have improved for IT positions in most North American metropolitan areas.

    The CEO of Janco Associates, Mr. Victor Janulaitis said, “For the first time in over 6 years salaries for IT Pros have moved up almost across the board.  We believe that this is due to the fact that over 112,000 new IT jobs were created in the last 12 months and that the economy seems to be in a recovery mode.”

    The findings presented in Janco’s 2015 IT Salary Survey include:

      • In 2014 the IT job market grew by 112,800 versus 74,900 and 62,500 in 2013 and 2012 respectively according to the Bureau of Labor Statistics (BLS).
    • IT Job Market Growth

      • IT compensation for all IT Professionals has increased by 2.81% in the last 12 months. 
        • Between January 2014 and January 2015 the total mean compensation for all IT Professionals has increased from $79,352 to $81,583.  This puts overall compensation back at the levels they were at in January 2008 and 2007.
        • In mid-sized enterprises, the mean total compensation for all positions has increased by 3.23% from $76,198 to $78,656.   
        • In large enterprises, the median compensation has risen from $83,197 to $84,550.

      • CIOs compensation has moved up (2.28%) in larger companies and slightly less (2.15%) in smaller and mid-sized companies in the past 12 months.  The mean compensation for CIOs in large enterprises is now $185,359 and $175,205 in mid-sized enterprises.
        • Median CIO tenure has increased from 4 years and 3 months to 4 years and 4 months.  In companies of all sizes fewer CIOs have changed jobs in the last 12 months than in prior years.
      • Positions in highest demand are all associated with the quality control, BYOD implementation, capacity planning and service level improvement.
      • Over the long term IT executives have fared better in mid-sized companies than large companies.
        • In mid-sized companies IT executive salaries have recovered all of the losses sustained in the recession and in some cases exceeded prior highs.
        • In large companies IT executive salaries are where they were in 2008.
      • Cost control is still the rule of the day; however we have seen an increase in the number of "part-timers" and contractors who are focused on particular critical projects. 
      • On shore outsourcing has peaked and companies are looking to bring IT operations back into their direct control and reduce operating costs.
        • A number of enterprises are moving help desks and data center operations in-house which has resulted in an increased demand for data center managers.
      • Mandated requirements for records management systems and electronic medical records have increased the demand for quality control staff and custodians (librarians) of mechanized records.
      • Companies are continuing to refine the benefits provided to full time IT professionals. Though benefits such as health care are available to 80%, IT professionals are now paying a greater portion of that cost.


    Cloud-based applications improve productivity

    January 14th, 2015

    Accounting systems must be up-to-date in order to provide the fastest and most efficient reporting.  Cloud-based financial management solutions let companies:   

    • Eliminate tedious, error-prone, reports from Microsoft Excel.
    • See up-to-date and accurate data on every area of your business.
    • Easily create and share customized reports across your organization.
    • Achieve unprecedented agility to ensure your business keeps up with change.

    How to Guide for
    Cloud Processing and Outsourcing

    ISO Compliant - Including ISO 31000


    "How to Guide for Cloud Processing and Outsourcing provides EVERYTHING that is needed to select a vendor, enter into an agreement, and manage the relationship," says a CIO of a Fortune 100 company.



    Mobile computing explosion causes security risks to multiply

    November 29th, 2014

    Global mobile traffic grew 60 percent in 2013 alone and is projected to increase 11-fold by 2018. With limited IT budgets and resources, how will CIOs and IT Managers succeed in managing and securing their network in the mobile workplace revolution?

    Mobility Policy Bundle (more info...) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable

    • BYOD Policy Template (more info...) Includes electronic BYOD Access and Use Agreement Form
    • Mobile Device Access and Use Policy (more info...)
    • Record Management, Retention, and Destruction Policy (more info...)
    • Social Networking Policy (more info...) Includes electronic form
    • Telecommuting Policy (more info...) Includes 3 electronic forms to help to effectively manage work at home staff
    • Travel and Off-Site Meeting Policy (more info...)


    What is the cost of a business interruption?

    November 27th, 2014

    Four steps that must be taken to determine if a business continuity plan is worth the investment are listed below. This will allow the organization to determine real dollar cost per downtime event, calculate acceptable data recovery points and return to operation goal. This data will then allow an organization to align itself to a particular disaster recovery organization(s) skill sets and capabilities.


    MTO Disaster Timeline

    • Conduct a Business Impact Analysis -- The first step is to conduct a business impact analysis. A BIA maps the interdependencies between each system (physical and virtual), application, and component with each business process and service provided. Based on the information collected in that process, a determination can be made on the consequences to the business as a result of disruption. This analysis should prioritize the importance of each process, application, and components in terms of cost to the business when they are no longer accessible. Those costs should include but are not limited to the following:
          1. Lost productivity
          2. Lost revenue
          3. Compliance risk
          4. Reputation loss
    • Determine Recovery Time Objective -- The next step is to determine the Recovery Time Objective (RTO). RTO is the amount of time within which a business process must be restored in order to meet Service Level Objectives (SLO) for the business. Organizations need to meet Recovery Time Objectives in order to avoid catastrophic consequences when a process or application continues to be unavailable. While system and component RTOs are important, the application RTO is what is important to the customer, whether internal or external. The RTO is established during the Business Impact Analysis portion of the Business Continuity Plan (BCP).
    • Determine Recovery Point Objective -- Next you need to determine the Recovery Point Objective (RPO). RPO is the amount of data loss that is acceptable for a certain time period as part of Business Continuity Planning (BCP). A certain amount of data loss for some processes is tolerable (e.g. a data entry clerk types data in manually to process sales orders; if the data entry clerk keeps the paper files for one day, then the RPO would be 24 hours). Recovery Point Objectives should be carefully planned for each process and application, as traditional backup and restore methods may not meet today's demanding business environments. Snapshot and replication technology enablers are needed in most environments to meet shrinking RPO time requirements.
    • Calculate Cost of Downtime per Hour -- How Much Does It Really Cost?
          1. Labor cost per employee multiplied by percentage of employees affected by application or service interruption.
          2. Average revenue per hour multiplied by percentage of revenue affected by outage.



    Recent CIO and IT Management Articles

    November 8th, 2014

    Recent IT Management Articles



    Vendor Management - CIOs need to manage vendors more effectively

    October 2nd, 2014

    CIOs should not underestimate or undervalue the time that needs to be spent managing the vendors. CIOs need to manage vendor expectations, performance, and the vendor's understanding of your priorities.

    CIOs need a clear plan to define metrics, evaluate, and manage the day-to-day performance of vendors. If they do this, it will ensure problems are spotted early and actively managed so they don't blow up into relationship-damaging crises. In addition, CIOs need an exit plan for each vendor to ensure any transition is smooth, with the vendor's obligations clearly defined.



    CIO tools readings and posts

    August 22nd, 2014


    Related posts:

    1. 10 Best Practices for Staffing 10 Best Practices to Staff – Hire and Retain World Class Creative IT Professionals 10 Best Practices  - Janco Associates has found the top ten...
    2. Top 10 Project Manager Challenges Top 10 Project Manager Challenges Top 10 Project Manager Challenges have been identified in a survey that was conducted by Janco Associates.  One of the...
    3. IT Job Descriptions Update Service is Announced by Janco IT Job Descriptions Update Service is Announced by Janco Janco’s IT job descriptions are constantly being updated to meet the latest technology and compliance requirements....
    4. 2014 IT Job Descriptions Released IT Job Descriptions have just been updated in the 2014 IT Position Descriptions HandiGuide Janco announced today the release of 263 IT Job Descriptions in...
    5. Released Internet and Information Technology Position Descriptions HandiGuide Internet and Information Technology Position Descriptions HandiGuide, Janco has released the Internet and IT Position Descriptions HandiGuide® which is over 700 pages; includes...

    CIO - CTO  Changing Role

    Chief Information Officer - Chief Technology Officer



    Productivity on the upswing - Is the economy finally recovering

    August 13th, 2014

    The Department of Labor (DOL) released a report showing that U.S. worker productivity has risen in the second quarter of 2014. This is a greater increase than expected based on previous estimates.

    Productivity increased at a 2.5% annualized rate, after a revised 4.5% decrease in the prior three months that was the biggest since 1981, according to the DOL.

    The positive news comes a month after July’s favorable jobs report, which showed that employers added more than 200,000 workers to payrolls for a sixth straight month, the first time that’s happened since 1997.



    Drive Business Success via Innovation

    July 25th, 2014

    With the advent of Big Data driving swift transformation in many organizations' IT functions, uncertainty and fear of change can put the brakes on the vital ability to innovate. How can IT leaders help their teams to conquer uncertainty and embrace change in order to drive innovation and unlock the potential of data-informed decision making?

    Creativity and Innovation in the Organization prepares you to foster a creative mindset across your enterprise - and to exploit uncertainty and chaos to unleash powerful ideas that drive results.


    The policies that Janco has created are a must-have for every enterprise. They can all be accessed by going to the Policy Master Page (more info...) or the individual policies can be accessed directly by clicking on the links below.

    • CIO IT Infrastructure Policy Bundle (more info...) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
      • Backup and Backup Retention Policy (more info...)
      • Blog and Personal Web Site Policy (more info...) Includes electronic Blog Compliance Agreement Form
      • BYOD Policy Template (more info...) Includes electronic BYOD Access and Use Agreement Form
      • Google Glass Policy Template (more info...) Includes electronic Google Glass Access and Use Agreement Form
      • Incident Communication Plan Policy (more info...) Updated to include social networks as a communication path
      • Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (more info...) Includes 5 electronic forms to aid in the quick deployment of this policy
      • Mobile Device Access and Use Policy (more info...)
      • Patch Management Policy (more info...)
      • Outsourcing Policy (more info...)
      • Physical and Virtual Security Policy (more info...)
      • Record Management, Retention, and Destruction Policy (more info...)
      • Sensitive Information Policy (more info...) HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
      • Service Level Agreement (SLA) Policy Template with Metrics (more info...)
      • Social Networking Policy (more info...) Includes electronic form
      • Telecommuting Policy (more info...) Includes 3 electronic forms to help to effectively manage work at home staff
      • Text Messaging Sensitive and Confidential Information (more Info...)
      • Travel and Off-Site Meeting Policy (more info...)
      • IT Infrastructure Electronic Forms (more info...)



    Europe's CIOs brace for a recovery

    July 11th, 2014

    The European tech market has been down for several years. With most European economies emerging from recession, and Germany, Poland, and the UK doing better than that, CIOs in Europe can at last think about growing their tech budgets in 2014 and especially in 2015. Customer-facing technologies for sales and marketing and mobile and analytics technologies will see the strongest growth, contributing to relatively strong growth in software and communications equipment. Growth will solidify in 2015.



    Top 10 Lists for Disaster Recovery and Business Continuity

    April 26th, 2014

    Disaster Recovery
    1. Top 10 tips for Disaster Recovery in a Small Business – best way to protect your data Disaster Recovery for a Small Business Baseline for best practices defined in Janco’s Disaster Recovery Business Continuity Template. As requirements for avoiding downtime become increasingly...
    2. Top 10 Disaster Recovery Best Practices As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that...
    3. 10 Commandments of Disaster Recovery and Business Continuity 10 commandments of disaster recovery and business continuity planning As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...
    4. Intermedia.net violates 10 commandments of business continuity plan fails Intermedia.net business continuity plan non-functional Failed Business Continuity – This morning about 2:00 AM MST one of the largest providers of cloud services went down. ...
    5. 10 tips for surviving a natural disaster Failing to prepare for a natural disaster is not an option for businesses. That's because 75 percent of companies without business continuity plans fail within...



    Security is key to keeping cybercriminals at bay

    March 27th, 2014

    To catch a sophisticated cybercriminal today, IT departments must look deeper into their web traffic and examine many sources of information about web visitors and sessions to determine what behavior is typical and what is not. Existing solutions for detecting and analyzing online criminal behavior usually identify either pre-authentication threats or post-authentication threats (fraud products), but unfortunately not both.



    Security News Digest

    March 10th, 2014


    1. Cybersecurity IT Pros are in short supply  IT Pros who can handle cybersecurity are in short supply Cybersecurity specialists are not being trained by our educational system and this shows with high...
    2. Top 10 Data Security Risks for Cloud Storage  There is tremendous anxiety about security risks in the cloud. CIOs and CSOs worry whether they can trust their users (both internal and external to...
    3. 10 Certifications for Cloud Professionals  10 Certifications for Cloud Professionals Here are 10 certifications for Cloud professionals.  Some are hardware and software specific and others are independent of hardware and...
    4. ERP Job Descriptions  ERP – Enterprise Resource Planning Job Description Bundle Released Janco has just released 15 Enterprise Resource Planning Job Descriptions in its ERP Job Description Bundle. ...
    5. IT Security Decision Process  IT Security Decision Process The IDG Enterprise Role & Influence of the Technology Decision-Maker survey helps CIOs understand their evolving roles and influence in today's...