Sensitive Information Policy

Updated to meet the latest mandated standards
Includes a definition of what sensitive information is

Electronic Sensitive Information Policy Compliance Agreement Form Included for Easy Depolyment of Policy

Includes User Bill of Rights for Sensitive Data and Privacy

Sensitive Information PolicyWith identify theft and cyber attacks on the rise, you're facing new pressures to protect sensitive information. In fact, in 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices
such as:

  • Implementing an information security program
  • Encrypting data
  • Notifying customers in the event of a security breach that compromises unencrypted personal information

To protect sensitive information, many states are now required to implement security programs that include capabilities for incident monitoring and alerting, trend reporting, logging, security information management (SIM), and other prudent security controls and practices.

Order Sensitive Information PolicyDownload Selected Pages
This policy is easily modified and defines how to treat Credit Card, Social Security, Employee, and Customer Data. The template is 34 pages in length and complies with Sarbanes Oxley Section 404, ISO 27000 (17799), and HIPAA.  The electronic word form that is provided can be delivered electronically, completed via computer, and filed electronically. The PCI Audit Program that is included is an additional 50 plus pages in length.

The Massachusetts and California mandated requirements were specifically included as part of the policy.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) , co-location providers, and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).  

The HIPAA Audit Program Guide provides you with a checklist of the must be implemented items which HIPAA mandates. (see also Nationalized ID)

The policy contains text that can be used immediately. For example::

General Policy Statement

The Chief Security Officer or delegate must approve all processing activities at ENTERPRISE associated with sensitive information. This information includes but is not limited to social security numbers, credit card numbers, credit card expiration dates, security codes, passwords, customer names, customer numbers, ENTERPRISE proprietary data, and any other data (i.e. California Personal ID number) that is deemed to be confidential by ENTERPRISE, its external auditors, any governmental agency, or other body that has jurisdiction over ENTERPRISE or its industry.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
All processing, storage and retrieval activities for sensitive information must maintain the strict access control standards and the Chief Security Officer mandates the these specific polices be followed.

You can download the Table of Contents and some sample pages by clicking on the link below.
Order Sensitive Information PolicyDownload Selected Pages

Other Policies

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.

We have just completed a major update of most of the individual polices and almost all of the electronic forms.

Note: Look at the Practical Guide for Outsourcing over 110 page document for a more extensive process for outsourcing

Current Information Technology News

Is your enterprise prepared for Brexit?

July 1st, 2016

Is your enterprise prepared for Brexit?

Brexit issuesHere are some of the questions that need to be answered:

  • It will take at least two years for the UK to disentangle from the EU. How will this period of uncertainty affect our company? Compliance? Security?
  • How much business do we conduct with Europe?
  • Would a less regulation hurt us?
  • Would a delay in a new compliance rules with Europe hurt us?
  • Freedom of movement within the EU is already changing. What further outcomes could UK departure cause both for EU citizens who want to work here and UK citizens who work in Europe? Mobility issues?
  • Will there be any potential staffing problems?
  • Will Brexit have any impact on our suppliers and our supply chain?
  • If EU regulations no longer apply where might the UK government impose new regulations?
  • Could the swift decline in the value of the pound hurt us?

Order Compliance Kit

- more info

Will EU privacy requirements kill US based cloud processing

May 20th, 2016

Will EU privacy requirements kill US based cloud processing

EU privacy requirementsEUs new privacy regulations require that data remain in the EU.  That means that companies must build on-premises applications in Europe to house this information. Costs are high include on-premises servers, in annual licensing fees, payroll and human resources systems, and additional head count, not to mention ongoing training and support expenses. and human resources systems, and additional head count, not to mention ongoing training and support expenses.

Order Cloud Outsourcing TemplateDownload Selected Pages

- more info

Password Security Tip

May 2nd, 2016


Use a password in only one place. Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.

Order Security ManualSample DRP
- more info

Top 10 Cloud postings

March 30th, 2016

Top 10 cloud postingsTop 10 Cloud postings

Order Cloud Outsourcing Template  Download Selected Pages

- more info

Demand for wearable devices explodes

March 10th, 2016

Demand for wearable devices explodes

Wearable vendors shipped 27.4 million devices in the fourth quarter of 2015. That is almost 130% more than the last quarter of 2014  For the whole year, worldwide wearable shipments amounted to 78.1 million devices, up 171.6 percent from 2014.

The triple-digit growth shows that "wearables are not just for the technophiles and early adopters.

Wearable Device Policy

The use of wearable devices that can capture and broadcast video, voice, data and location information is increasing at an accelerated rate

Janco addresses the security, privacy and reputation management issues for a world in which wearable devices have cameras, microphones, massive data storage and INTERNET connectivity

 Download Selected Pages

Mobility Policy Bundle
 (more info...) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable

  • BYOD Policy Template (more info...) Includes electronic BYOD Access and Use Agreement Form
  • Mobile Device Access and Use Policy (more info...)
  • Record Management, Retention, and Destruction Policy (more info...)
  • Social Networking Policy (more info...) Includes electronic form
  • Telecommuting Policy (more info...) Includes 3 electronic forms to help to effectively manage work at home staff
  • Travel and Off-Site Meeting Policy (more info...)
- more info

Physical security now a major concern of CIOs

February 18th, 2016

Terrorist AttackPhysical security now a major concern of CIOs

With the recent terrorist attack physical security is seen as growing concern for all organizations. Among the ranks of potential threats that organizations face, acts of terrorism is an increasing concern.

More than one half of all CIOs that we have talked to have expressed concern about the possibility of both an act of terrorism or a security incident such as vandalism, theft or fraud disrupting their organization.

Order Security Manual Download Selected Pages 

- more info

Ransomware is more common than you think

January 22nd, 2016

Ransomware is more common than you think

RansomewareRansomeware has grown in occurrence and sophistication in recent months. One of the best known forms, called CryptoWall, just had Version 4 released.  It has a greatly improved ability to hide from antivirus software and firewalls. It is estimated that the  distributors of CryptoWall made more than $25 million in 2015. There have been recent indications that the bad actors are concerned about maintaining the belief that paying the ransom will really allow for file recovery. As such, in some instances, they have been found on PC help forums, assisting victims with file recovery and payment issues. How big of them!

Ransomeware typically ignores local drives but attacks server drives.  It will encrypt the data files and accounting databases on the server.

Malwarebytes is a great tool you can use to eradicate the actual infection from any PCs. Once that is done you can began to plan for file recovery.

Order Security Manual Download Selected Pages

- more info

Some executive fight security practices

January 7th, 2016

Some executive fight security practices

Security PoliciesEven today there are clashes with senior business executives that make it more challenging for CSOs and CISOs to create a secure environment.

Many of the conflicts that occur between security and business executives are due to ongoing philosophical differences regarding risk and convience.  Many of them feel they are above the standards and can do whatever they want.

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data.

Order Security Manual Download Selected Pages

- more info