Travel and Off-Site Meeting Policy
Protect your data from loss and theft
Travel and Off-Site Meeting Policy - Protection of data and software is often complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is seven (7) pages in length and covers:
- Laptop and PDA Security
- Wireless and Virtual Private Networks (VPN)
- Data and Application Security
- Public Shared Resources
- Minimizing attention
- Off-Site Meetings
- Remote Computing Best Practices
This policy has been updated to reflect the requirements of PCI-DSS, Sarbanes-Oxley, HIPAA, and ISO. The policy comes as both a WORD file and a PDF file utilizing a standard CSS style sheet.
Laptops can and do get lost or stolen. In studies conducted by several security firms, it has been found that over 50% of all lost or stolen laptops disappear at airport security checkpoints and departure gates. Unfortunately, almost 70% of these laptops are never recovered.

Mobile Device Security Options
Because mobile devices reside outside the company firewall and beyond the reach of corporate security policies, they are often where unauthorized activity can occur. Users can inadvertently pass viruses, spyware, and other malware to the company network through the VPN. It still matters that a network has a formidable configuration of layered security, but when a notebook or smartphone is lost or stolen, the data stored on the device is exposed.
Mobile Device Security Policy
Your organization needs to identify and develop mobile security policies to be deployed which will provide adequate protection. The level of protection has to be aligned with the level of risk that your organization is willing to accept. These policies should ensure that the many regulatory or compliance concerns that might be applicable are addressed. The mobile security policy should be integrated within your overall information security policy framework. Key elements to address in the mobile device security policy are:
- Physical security of the device
- Address lost or stolen devices
- Acceptable uses of the device
- Encryption
- Password protection
- Storage
- Backup
- Access Control
- Authentication
- Monitoring
Like every other security policy, your organization must regularly review its mobile device security policy, particularly after the acquisition of new mobile devices, configuration changes and in the wake of security incidents involving mobile devices. Enterprises have to have ways to protect that data regardless of its location or place of breach. Options available to the enterprise include:
- VPN - Many enterprises use Internet Protocol Security (IPSec) VPNs, but the fact that IPSec works at the network layer can expose the entire network to malware found on remote machines. Secure Sockets Layer (SSL) VPN technology works at the transport layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack and is session-oriented, offering more precision in granting access - even down to a specific application, file or window of time. Some vendors offer all-in-one appliances that package not only VPN working on both layers, but also firewall, intrusion prevention and network antivirus.
- Network Access Control (NAC) - NAC gives the network the ability to grant access to a device based on preset criteria, and then monitor it throughout its connection cycle. If the device behaves in a way that is out of line with policies, it is quarantined, given an opportunity to remediate and then disconnected if it remains noncompliant.
- Encryption - A data-level form of protection, encryption is centrally managed and updated. It works by jumbling data according to a complex algorithm that machines are able to unlock once they have been authenticated. Everything from a single file to the entire hard disk can be encrypted.
- Intrusion detection and prevention - Intrusion detection and prevention systems focus on identifying incidents, logging information about them, taking action to stop intrusions and reporting incidents to administrators for further review. These systems work well to stop unusual IPs and to block worms, botnets and other malware. They add an additional layer of security between the firewall and antivirus software.
- Remote Lock Down and Data Destruction - Credentials and devices that are tagged as inactive can have "self destruct" or "remote lock down" code downloaded and activated in such a way that all of the "sensitive data" on the remote device is "erased" and the device is put in such a state that it is not usable without intervention by the enterprise. Extreme care should be taken if this option is used, and the help desk should have procedures in place so that devices remotely locked down in such a manner can be re-activated.
- Data leakage protection - You can secure data, regardless of where it is in relation to the network, with data leakage prevention (DLP) technology. DLP solutions tag data based on a set of criteria such as location of data, application type, file type, keywords and common data strings. These tags alert IT when the data is being used in a certain manner. DLP can prevent the data from being copied, e-mailed, sent via IM, printed, saved to a different device, changed to a different file type or otherwise altered.
Individual Policies
All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format (WORD 2003 and WORD 2007) for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.
The policies have just been updated to comply with all mandated requirements and include electronic forms that can be emailed, filled out completely on the computer, routed and stored electronically -- a total solution.
- CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Policy Template (Includes electronic BYOD Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy (includes electronic form)
- Telecommuting Policy (includes 3 electronic forms to help to effectively manage work at home staff)
- Travel and Off-Site Meeting Policy
- IT Infrastructure Electronic Forms

IT Policies and Procedures News
Mobile computing drives CIOs to focus on many compliance issues
Mobile devices let you do business any time and from almost anywhere. Share with colleagues from the beach, respond to a vendor from an airport, and close deals from commuter trains. But the enormous power of anywhere/anytime business comes with risks, especially if you work in a regulated industry or if your company is subject to corporate governance requirements.
Janco's Mobility Policy Bundle provides a set of rules of the road that address issues like:
- Best practices on usage of mobile devices including security compliance
- How to use social media compliantly on mobile devices
- Engaging effectively with your social connections
- How to untangle the complicated web of regulatory, legal, and corporate compliance requirements related to usage of mobile devices
- How the Mobility Policy Bundle helps you be compliant
Mobility Policy Bundle - All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
- BYOD Policy Template (includes electronic BYOD Access and Use Agreement Form)
- Mobile Device Access and Use Policy
- Record Management, Retention, and Destruction Policy
- Social Networking Policy (includes electronic form)
- Telecommuting Policy (includes 3 electronic forms to help to effectively manage work at home staff)
- Travel and Off-Site Meeting Policy
Cybercrime watch
- Bank security weaknesses led to cyber looting of $45M from ATMs
- Payment card processors hacked in $45 million fraud
- Spamhaus DDoS suspect extradited to the Netherlands
- Accused SpyEye virus creator extradited to the U.S.
- Dutch bill would give police hacking powers
- DDoS suspect used a van as a mobile office, Spanish police say
- Dutch man arrested in connection with major DDoS attack on Spamhaus
- Australia charges man claiming to be LulzSec leader
- One in five data breaches are the result of cyberespionage, Verizon says
- Former LulzSec member gets prison sentence for Sony Pictures hack
Weak spending - a drag on IT Growth
Consumers spent more in March without raiding savings accounts, despite a smaller-than-expected bump in income, but the data still point to a slowly growing economy on the verge of stalling.
Spending climbed just 0.2% in March after a 0.7% surge in February, the Commerce Department said Monday. But that was better than forecasts for 0.1%.
Personal income also rose 0.2%, down from 1.1% in the prior month and below expectations for 0.4% growth. And while consumers didn't dip into rainy-day funds, they didn't add much to them either. The savings rate held at a modest 2.7%.
Lower gas prices probably helped households stay out of their savings accounts, said the president of Naroff Economic Advisors. But that's not a sustainable path to growth.
Health IT funding is hot
Funding for health IT startups hit nearly $500 million during the first quarter of 2013, according to a new report from Mercom Capital Group, and the number of companies receiving funding more than doubled from last year.
Some of the areas getting funding include telehealth, mobile health and scheduling apps for patients.
The most important aspect of any business is recruiting, selecting, and retaining top people. Research shows those organizations that spend more time recruiting high-caliber people earn 22% higher return to shareholders than their industry peers. However, most employers do a miserable job selecting people. Many companies rely on outdated and ineffective interviewing and hiring techniques. This critical responsibility sometimes gets the least emphasis.
IT Infrastructure key to productivity
With the explosion of technology into every facet of the day-to-day business environment, there is a need to define an effective infrastructure to support the operating environment; have a strategy for the deployment of technology; and clearly define responsibilities and accountabilities for the use and application of technology.
The IT staff at many businesses often spends a majority of its time on time-consuming, low-value procedures and manual IT management tasks that keep the servers, network and storage running but detract from more strategic IT initiatives. Better tools for systems management can deliver automation and monitoring capabilities that reduce the amount of time needed to manage the infrastructure and allow more time for the development and deployment of new applications and IT services that help grow the business.
Disaster recovery and business continuity have changed
Are your backup and DR challenges pulling you in different directions? Are virtual servers complicating your backup processes? Each area of data protection has its own set of challenges, particularly in terms of the cost and difficulty managing service levels (SLAs).
There is a solution to this problem: the Janco Disaster Recovery Business Continuity Plan Template. It will guide you beyond outdated recovery techniques and methods into the future.
BYOD - What you need to know
BYOD is now a reality for most enterprises. Some great resources for these are:
Recent Blog Posts
CIOs face a security nightmare with the drive towards BYOD and cloud computing
High achieving employees typically want newer, faster and higher performance hardware than their employers provide for them across various platforms: desktop PCs, smartphones, and tablets. Often decisions about personal devices are not constrained by the return-on-investment and limited budget considerations that limit IT decision making.
The pervasiveness of BYOD is documented in many research studies:
- A Research and Markets study shows that 65% of enterprises worldwide have adopted BYOD to some extent by the end of 2012.
- An Aberdeen Group study shows that 75% of companies permit BYOD.
- Equanet says that 71% of tablets used in a business setting are employee-owned.
- Some companies are migrating to a completely BYOD approach, such as Cisco, where 100% of mobile devices are provided by employees and not the company itself.
H-1B Visas taken up by outsourcers
Offshore outsourcing companies continued to make up the majority of the top H-1B visa users in 2012, according to new government data. These offshore firms have been adding employees by the thousands as their revenues increase. Cognizant, a New Jersey-based IT services provider with major operations overseas, led the list. The company had 9,281 visas approved in 2012 versus 5,095 in 2011.
Cloud Disaster Recovery Best Practices
Building out a complete disaster recovery infrastructure can be cost prohibitive for many organizations. We'll look at ways to leverage the public cloud to supplement your backup and disaster recovery solutions. Ten best practices are:
- The cloud can fail - have local backups that are on your local servers
- Not all systems are critical - determine ahead of time which applications are mandatory
- Be ready with continuous backup - traditional tape backups will not do
- Have a tested plan in place on how and what you want to restore
- Back up everything that you need for the operating system (i.e., virtual machines) to work
- Keep long term data storage out of the cloud to minimize expense
- Validate the security of the cloud environment
- Run the recovery process completely in the cloud
- Use a single solution for backup and recovery of data in both the cloud and local environment
- Test the entire process at least annually.
BYOD Policy CIOs can easily implement
With the advent of user-owned devices and the ever-increasing mandated requirements for record retention and security, CIOs are challenged to manage in an ever more complex and changing environment.
Before starting the process of implementing BYOD policies, the CIO needs to ensure that what is created meets the enterprise's compliance, culture and operational requirements. This requires defining the scope and objectives of the policy:
- Cost - Who will pay for the data plan? What rewards will you provide to get people to buy in?
- Agree to Acceptable Use - What terms will you include in your Acceptable Usage Policy, and how will you ensure your employees understand and agree to it?
- Mandated requirements - You will have to account for factors such as open source variables for Android implementations for different devices and any security or regulatory requirements that relate to your industry (e.g., healthcare HIPAA compliance)
- Security - Will the policy state how you enforce passwords? Encryption? Do you want to blacklist any applications?
- Management - How will you manage the devices connected to your network?
CIO's critical new role
IT departments excel at boosting efficiency but fall short of driving business growth.
Technologies such as cloud computing, mobility, and data analytics can put IT in a position to move beyond traditional support/maintenance expectations and assume a more strategic role in the business. But most tech departments aren't taking advantage of the opportunity.
What business problem needs a fix?
If there is one issue to latch onto and never let go of, it's properly articulating the nature of the business problem the organization is working to solve -- everything else is just details.
What is the scope of the program under consideration?
Next up is project scope, which, like the weather, is one of those topics everyone talks about but no one does anything about. That is unfortunate because getting the scope wrong can cause a lot more problems than forgetting to take your umbrella to work.
What's your measure of success?
The last of my Big Three questions is one that many people do not include as a critical element of planning document management programs, but instead address it along the way. Identifying how the organization will measure success is fundamental because if you do not know what your goal is -- in measurable terms -- it becomes difficult to know when you have reached it.
By answering these three questions, you develop a thorough understanding of what your organization is trying to accomplish, and for whom. That will unlock the door to crafting the right strategy, choosing the most effective document imaging and management software package, and maximizing the total business value gained from the program over time.
Business continuity requirements for distribution organizations
Four critical areas in which planning is necessary to ensure a strong business continuity effort in the aftermath of a catastrophic event in a distribution company are:
- Visibility across your own network is critical.
- Commitment to predetermined processes and to training your employees in the event of a disaster
- Implementation of social technologies, like Infor social and ION technologies, that allow you to broadcast in a Facebook-like capacity to your customers and suppliers
- Organizational integration and tighter integration back into your suppliers and their inventories
Canada lags in information security
Canadian companies lag globally in information security innovation: survey
While many organizations globally are making important strides in their information security practices, they are still falling behind the fast-changing risks involved with new technologies, according to a new study from Ernst and Young.
Government regulatory changes in recent years have meant information security has become more of a priority for the business, the company's 2012 Global Information Security Survey suggests. Business continuity has also become more of a priority over recent years, it noted.

Canada, however, is behind most countries in terms of security innovation, with only about 5% of spending invested in new technologies and management processes targeting information security over the last 12 months, the survey noted. On a global level, 55% of respondents said they plan to spend more on securing new technologies over the next year.
Without constant vigilance, your company is vulnerable to attack. The first step to take is to assess your current security stance, then make a plan to increase security with proper best practices and technologies.
The ten commandments of security management for CSOs, CIOs, and IT Managers
- Limit access to information to those who need to have it -- People can't misuse information that they don't have.
- Conduct frequent and deep security audits -- Identify who has access to what and how their actions could weaken the protection of valuable data/information.
- Set limits to information access; do not exclude all information from access -- Data exclusion locks down access. Limits set authorizations so specific people can do specific things under specific circumstances.
- Limit administrative rights to as few individuals as possible -- Very few individuals need them to do their jobs.
- Ignore organizational hierarchy when setting access capabilities -- Access and authorization should be based upon responsibilities, not position.
- Make Security Invisible -- Minimize extra commands, screens, pop-ups for employees; if an action is allowed, just let it happen.
- Analyze Security End back doors -- Compliance logs reveal threat patterns, and show how security steps are hurting productivity.
- Monitor information access and updates -- User-initiated application information updates can invite vulnerabilities.
- Educate everyone on security policies and procedures -- The more that people know about the rules, the better.
- Make security best practices the watch word for everyone -- IT and the general workforce must address the constantly changing nature of security breaches.
Top 10 Strategic CIO Issues For 2013
Given the usual tedium of these CIO priority lists, I was pleased when Bob Evans, senior vice-president of communications for Oracle Corp, alerted me to his take on this well-worn topic. Instead of a boring list showing endless software and hardware spending statistics, Bob developed a meaningful collection of strategy areas for innovative CIOs.
Here is Bob Evans's list of "Top 10 Strategic CIO Issues For 2013":
- Simplify IT and Transform Your Spending: Kick the 80/20 Budget Habit
- Lead the Social Revolution: Drive the Social-Enabled Enterprise
- Unleash Your Company's Intelligence: Create the Enterprise-Wide Opportunity Chain
- Embrace the Engagement Economy: Merge the Back Office and the Front Office into the Customer Office
- Future-Proof Your IT Architecture
- Upgrade Cloud Strategy to Business Transformation Enabled by the Cloud
- Transform Big Data into Big Insights, Big Vision, and Big Opportunities
- Preside over a Shotgun Wedding: Systems of Record Marry Systems of Engagement
- Lead with Speed: CIO as Chief Acceleration Officer
- Bend the Value Curve: More Innovation, Less Integration
Preparing for a Disaster
Disaster Recovery
Are you Prepared for a Disaster?
Next to personnel, data is your most irreplaceable asset. Networks, application hosting platforms, and end user computing environments can be replaced quickly. However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.
A business continuity plan is NOT a disaster response plan. These are not steps to take during the actual disaster event, but rather steps to take after the emergency to return towards normal business operations. The plan is needed because normal operations are not as easy to return to as you might think. Depending on the event, you may no longer have some of your most vital resources.
Creating a business continuity plan isn't always an easy process. Small business owners may understand the importance of having one, but it may be difficult for them to understand exactly how to go about creating one or obtaining buy-in from employees. Creating a useful plan requires that all employees play a role in the creation process, as well as in the maintenance of the plan.
Top Ten Concerns of CIOs
There will never be a time when IT directors can, but with the economic turmoil of today concerns are extremely high. On the security front, internal and external threats are on the increase, especially as the enterprise boundary continues to increase with the growth of mobile and wireless based applications. Keeping the business operating in the face of existing economic conditions, security threats, whether against the systems themselves, or against the business and the environment in which it operates is part of any CIO's basic role.
- Budgets - Budgets have never been tighter. Since the dot com bubble burst where IT budgets were pared to the bone, organizations are striving to keep a really tight control over them, even though they still need innovative IT to keep ahead of the competition. Smart CIOs are seeing savings through standardization of the IT infrastructure so new systems can be financed without increasing budgets.
- Staffing - People are an organization's most valuable asset. For CIOs they are not only the most valuable, they are causing the most headaches as well. Recruiting, managing and training staff are the most pressing concerns for CIOs.
- Security - Internal and external threats are on the increase, especially as enterprises continue to increase the growth of mobile and wireless based applications. Keeping the business operating in the face of threats, whether against the systems themselves, or against the business and the environment, is a major component of the CIO's role.
- Compliance - Security and compliance work together for CIOs as many governance and compliance regulations were spawned from risk management and directly affect security. For many companies regulatory compliance is now part of everything they do. This has allowed the CIO to understand exactly what resources and processes an organization has and to increase efficiency and throughput as a result.
- Resource Management - Managing time and resources is a major concern for CIOs. Enterprise management now demands more efficient working. CIOs are now using more of their time and resources they used to spend on legacy maintenance on more produce to manage critically short supplies of resources.
- Infrastructure - Updating technology infrastructures and keeping the backbone of an organization's IT up to date is another top concern for CIOs.
- Business Alignment - Keeping IT strategy in line with business strategy is something at which CIOs have become masters but it is still one of the areas that causes a lot of work and is resource heavy.
- Managing Users - CIOs must prioritize the needs of their users and customers. Dealing with users while improving the quality of service for users is a constant for all IT departments. More CIOs are putting metrics in place to see just how well they are doing. Excellent customer service and cost effectiveness in driving the business forward are the two overlying themes for many businesses. The aim is to lift the bar on customer service, on cost effectiveness and on the capabilities of service offerings and people.
- Managing Change - The fast moving pace of technological innovation means change is a guaranteed part of the CIO's role. But the way they manage its effect on the business is more critical. Arguably, the most significant management issue that CIOs have to face this year is change management - business process change, changes in organizational cultures and how they affect people are very high on the CIO's agenda.
- Organizational Politics - To manage change and integration effectively, CIOs need the support of their senior management team. The success of change management programs and the contribution IT can make to those depend heavily on the support and drive of senior managers. If the CIO lines of report - CEO, CFO or COO - understand the power of transformational IT investment and if a CIO can educate and communicate what is possible, IT should be a key enabler for business and process change. Many companies are going through massive change and integration programs, all of which need board support to succeed.
Vendors over promise - IT Management Should Question
Every computer vendor promises the world. In the case of security products they all say zero false positives! 100 percent accuracy! Hackers banished forever! Great promises, but very few vendors meet them.
In order for security software to reliably detect 100 percent of all malicious applications, it would take the product several times longer to scan, it would slow down your system even more than it already does, and there still would be an incredible number of false positives.
Faced with claims like these, CIOs and senior IT management need to challenge vendor assertions. When the sales pitch reaches a crescendo, say two simple words: "Show me." Make the vendor install the product for an extended test. Tell your vendors ahead of time that your team is known for making the vendor prove its claims in a real-world testing scenario.




























