State Compliance Requirements

Compliance Management Tools

Compliance Managment

Individual state data protection laws are unique in several ways. For example, Massachusetts has extended its reach well beyond its own borders by mandating data protection for its citizens regardless of where that data resides. On the other hand, most other state laws, do not define what methods shall be used (e.g. , encryption) to protect its citizens' data. In addition, the Massachusetts law provides for large civil penalties in the case of non-compliance, and opens organizations to seemingly unlimited civil action.

Order Compliance Managment Kit

While it is not yet clear how this law will in fact be enforced, it is clear that any organization with customers in Massachusetts will be facing a tough new data protection environment. And as such, it behooves these organizations to start preparing now, to ensure not only compliance with this new law but to drive towards true data security and peace of mind.

To protect these types of sensitive data using identity management solutions, the following challenges must be addressed:

  • Define and track changes to various policies, procedures and controls related to access rights.
  • Track ongoing violations to the policies and processes related to access rights.
  • Monitor the timeliness of violation or exception detection mechanisms and the corresponding remediation activity.
  • Audit access activity for all resources hosting sensitive information.
  • Analyze unauthorized attempts to access or change sensitive information.
  • Analyze the incremental effectiveness of controls around access rights.

State Notification Laws

The graphic clearly depicts the magnitude of the current situation and the table provided by The National Conference of State Legislatures includes links to the individual states.The Security Manual Template address each of these mandate requirements.

California SB 1386 Personal Information Privacy

This regulation affects companies that do business with individuals living in California even if the ENTERPRISE is located outside of the state.

If unencrypted personal data is compromised, then ENTERPRISE must immediately disclose to the customer that a security breach has occurred.

Massachusetts Data Protection Requirements

Organizations that do business with Massachusetts residents must:

  • Control passwords to ensure they are kept in a location and/or format which will not compromise the security of the data they protect
  • Encrypt all personal information stored on lap tops or other portable devices
  • Ensure reasonably up-to-date fire wall protection and operating system security patches, designed to maintain the integrity of the personal information
  • Ensure up-to-date versions of system security agent software, which must include malware protection and up-to-date patches and virus definitions
  • Have a Written Information Security Program (WISP) and to take “reasonable steps” to ensure that any third-party / independent contractors comply with these data protection provisions. (The Janco Security Manual Temple includes a detail check list and policy template that meets these requirements)

Compliance Management Tool Kits

Janco offers a full range of tools to help enterprises of all sizes to address these issues.   The Compliance Management kit provides the infrastructure tools necessary address these mandated requirements.

The Compliance Management tool kit comes in three (3) versions: Silver, Gold, and Platinum. Plus you can save over $2,000 when you order the COBIT IT Governance Kit

OrderCompliance Management - Silver Edition

Compliance Management White PaperSecuirty Audit ProgramPCI Audit ProgramCompliance Job Descriptions
  • Compliance Management White Paper
  • Security Audit Program - fully editable -- Comes in MS EXCEL and PDF formats -- Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 39 separate task groupings including BYOD.
  • PCI Audit Program - Word and PDF
  • Job Descriptions (25 key positions) - Word Format - fully editable and PDF
    • Chief Commpliance Officer (CCO), Director Electronic Commerce, e-Commerce Specialist, Internet-Intranet Administrator, Manager Internet - Intranet Activities, Manager Internet Systems, Manager Point of Sale, Manager Record Administration, Manager Transaction Processing, Manager Video and Website Content, Manager Web Content, Manager Wireless Systems, On-Line Transaction Processing Analyst, PCI-DSS Administrator, PCI-DSS Coordinator, POS Coordinator, POS Hardware Coordinator, POS Senior Coordinator, Record Management Coordinator, System Administrator - Unix, System Administrator - Windows, Web Analyst, Web Site Designer, Webmaster, and Wireless Coordinator

OrderCompliance Management - Gold Edition

Compliance Management White PaperSecuirty Audit ProgramPCI Audit ProgramCompliance Job DescriptionsRecord Management Policy
  • Compliance Management White Paper
  • Security Audit Program
  • PCI Audit Program
  • Job Descriptions (25 key positions) including Chief Compliance Officer (CCO)
  • Record Management Policy - Word - Records management retention and destruction policy which complies with manadated US and ISO requirements

OrderCompliance Management - Platinum Edition

Compliance Management White PaperSecuirty Audit ProgramPCI Audit ProgramCompliance Job DescriptionsRecord Management PolicySecurity Manual
  • Compliance Management White Paper
  • Security Audit Program
  • PCI Audit Program
  • Job Descriptions (25 key positions) including Chief Compliance Officer (CCO)
  • Record Management Policy
  • Security Manual Template - Word - 240 plus packed pages which are usable as is. Over 3,000 companies world wide have chose this is the basis for their best practices to meet mandated US, EU and ISO requirements
Order Compliance Managment Kit