CIO Compliance Management Role

CIOs must understand the importance of implementing and enforcing litigation readiness processes and policies. Successful e-discovery relies on a balanced mix of people, process and technology. If a proactive process isn't established, employees' expertise and advanced technology capabilities will have significantly less impact. Also, to reduce the chance of employees sharing damaging or classified communications, CIOs should implement guidelines for the dissemination of sensitive knowledge.

CIOs should have a data discovery plan, as that can reduce risk and expenses. Poor litigation preparation can consume large amounts of time and lead to higher attorney fees, as well as missed court deadlines, fines and courtroom losses. The CIO should compare the costs associated with proactive litigation readiness to the expense of unprepared discovery. Sometimes, settling a lawsuit is the most cost-effective solution, and establishing a discovery process can help facilitate the right business decisions.

CIOs should encourage active data mapping to quickly identify information and organizational systems, and to locate important data while working with the legal department to assess litigation readiness. But only 35 percent of senior executives realize that records management is vital to risk mitigation, according to a 2009 survey by management consulting firm Cohasset Associates.

Inadequate records management contributes to misplaced documents, potential discovery negligence and increased discovery costs. There's no "easy" button: Buying a tool will not single-handedly solve discovery and litigation problems. Digital forensics experts can be a valuable asset to the defensible collection and analysis of data.

Together, the CIO and the legal department have the greatest power to improve litigation processes. They should drive the message to employees: A data map is absolutely essential, and the company must be litigation-ready at all times. The legal department should reinforce the need for processes and policies and ensure that they're enforced by the human resources department and IT. Most important: When a lawsuit is anticipated or occurs, counsel must immediately establish a litigation hold, suspending all normal data destruction to prevent any chance of spoliation (withholding or destroying evidence) and subsequent lost cases.

Federal and state government regulations (see state compliance requirements) can be a big problem for today's organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it's serious.

Exposure for Non-Compliance

| Regulation | Penalty | Fine |
|---|---|---|
| GLBA | 10 Years Prison | $1,000,000 |
| HIPAA | 10 Years Prison | $100 per occurrence, maximum of $25,000 per year |
| SOX | 10 Years Prison | $15,000,000 |
| SEC Rule 17a-4 | Suspension | $1,000,000 |

Compliance Management Toolkit Versions

Janco offers a full range of tools to help enterprises of all sizes to address these issues. The Compliance Management kit provides the infrastructure tools

In addition to the Compliance Management White Paper, we provide the Compliance Management tool kit in three (3) versions: Silver, Gold, and Platinum.

Compliance Management White Paper
  • Compliance Management White Paper - Summarizes mandated compliance requirements and provides a summary level work plan for how to implement Compliance Management policies and procedures.

    The White Paper contains a table of mandated record retention periods and a list of all of the states and US possessions with their mandated notification requirements.

Compliance Management - Silver Edition
  • Compliance Management White Paper
  • Security Audit Program - fully editable -- Comes in MS EXCEL and PDF formats -- Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements -- Over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 39 separate task groupings including BYOD.
  • PCI Audit Program - Word and PDF
  • Job Descriptions (25 key positions) - Word Format - fully editable and PDF
    • Chief Compliance Officer (CCO), Director Electronic Commerce, e-Commerce Specialist, Internet-Intranet Administrator, Manager Internet - Intranet Activities, Manager Internet Systems, Manager Point of Sale, Manager Record Administration, Manager Transaction Processing, Manager Video and Website Content, Manager Web Content, Manager Wireless Systems, On-Line Transaction Processing Analyst, PCI-DSS Administrator, PCI-DSS Coordinator, POS Coordinator, POS Hardware Coordinator, POS Senior Coordinator, Record Management Coordinator, System Administrator - Unix, System Administrator - Windows, Web Analyst, Web Site Designer, Webmaster, and Wireless Coordinator

Compliance Management - Gold Edition
  • Compliance Management White Paper
  • Security Audit Program
  • PCI Audit Program
  • Job Descriptions (25 key positions) including Chief Compliance Officer (CCO)
  • Record Management Policy - Word - Records management retention and destruction policy which complies with mandated US and ISO requirements

Compliance Management - Platinum Edition
  • Compliance Management White Paper
  • Security Audit Program
  • PCI Audit Program
  • Job Descriptions (25 key positions) including Chief Compliance Officer (CCO)
  • Record Management Policy
  • Security Manual Template - Word - 240 plus packed pages which are usable as is. Over 3,000 companies worldwide have chosen this as the basis for their best practices to meet mandated US, EU and ISO requirements
