|
Sarbanes Oxley
Compliance Kit
 Sarbanes-Oxley Section 404 requires that:
-
Enterprises have an enterprise wide security
policy;
-
Enterprises have enterprise wide
classification of data for security, risk, and business impact;
-
Enterprises have security related standards
and procedures;
-
Enterprises have formal security based
documentation, auditing, and testing in place;
-
Enterprise enforce separation of duties; and
-
Enterprises have policies and procedures in
place for Change Management, Help Desk, Service Requests, and changes to
applications, policies, and procedures.
To meet these needs the Sarbanes Oxley
Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold,
and Platinum) contains:
-
Security Policies (all editions);
-
Threat & Vulnerability Assessment Tool (all
editions);
-
Business & IT Impact Questionnaire Risk
Assessment Tool (all editions);
-
Safety Program Template (all editions);
-
Disaster Recovery Template (all editions);
-
Outsourcing guide update to reflect what you
vendors need to do (all editions);
-
Software tool to monitor key data files (all
editions);
-
Internet and IT Job Descriptions (Silver,
Gold, and Platinum Editions) and;
-
IT Service Management Template (Platinum
Edition).
Security Manual
The plan is 178 pages and includes
everything needed to customize the Internet and Information Technology
Security Manual to fit your specific
requirement. The electronic document includes proven written text and
examples for your security plan.
View
The Table of Contents And A Few Pages
 Disaster Recovery Plan (DRP)
This Disaster Recovery Plan (DRP) can
be used as a template for any enterprise. DRP is sent to you via e-mail in WORD
and/or PDF format. Included is a 13 page Business Impact Questionnaire
as well as a 3 page Job Description for the Disaster Recovery Manager.
View a the Table of Contents and sample pages [Adobe PDF]
 220 Internet and IT Job Descriptions
The 220 Internet and IT Position
Descriptions are in Word for Windows format. Includes positions
from CIO and CTO to Wireless and Metrics Managers.
View The Table
of Contents And A Few Pages
 The
IT Service Management Template
The IT Service Management Template contains policies, standards, procedures
and metrics for Change Control, Help Desk and Service
Request processing. ITSM template also contains
several easy to implement forms and conforms
with ITIL.
View The Table
of Contents And A Few Pages
Practical Guide for IT Outsourcing
The guide is 91 packed pages and includes
everything needed to plan for, negotiate, and manage an outsourcing
process within an enterprise.
View a the Table of Contents and sample pages [Adobe PDF]
-
 Safety
Program Template
- The plan is 60 pages and includes
everything needed to customize the Safety Program to fit your specific
requirement. The Safety was updated in December of 2004 and
reflects the latest issues associated with the most recent
legislation (Sarbanes Oxley).
|
Site Map
IT Cost Control
Latest News
Issuse CIO Face in a Troubled Economic Times
 CIOs
face some of its greatest challenges they have ever had. All managers are under
intense pressure to cut costs, and that pressure is significantly increased by
the current grim economic outlook. Everywhere CIOs look there is study after
study indicating that organizations are looking at reducing headcount, as well
as their overall spending in 2009. In addition, many business areas are relying
on IT more than ever before to help them deal with the increased competition and
reduced funding. This budget crunch creates a greater need for improved
efficiency and higher productivity.
Normal logic would cause a CIO to consider hunkering down and
focusing on survival until business conditions improve. However, enterprises
must continue to make strategic investments in Information Technology.
Survival is clearly important, but by making survival your primary focus, you
risk missing opportunities.
CIOs and IT organizations that position themselves for the eventual
upturn will look at IT as an enabler of business efficiency and growth. In this
turbulent economy, it becomes more critical to invest differently in IT. The key
is to invest in areas that really improve IT efficiency and discipline. This
focus will enable IT not only to survive this difficult financial period, but
also to quickly shift its profile toward enabling true business
growth.
- more
Over 70% of Lost Laptops are Never Recovered
Laptops can and do get lost or stolen.
In studies conducted by several security firms, it has been found that over 50%
of all lost or stolen laptops disappear at airport security checkpoints an
departure gates. Unfortunately almost 70% of these laptops are never
recovered.
This policy has been updated
to reflect the requirements of PCI-DSS, Sarbanes-Oxley, HIPAA, and ISO.
The policy comes as both a WORD file and a PDF file utilizing a standard CSS
style sheet.
- more
Terminating an Outsource Relationship
 Enterprises can and
do suffer because they do not plan for what happens when the end date of the outsourcing contract approaches.
Enterprises usually omit to include a definition of procedures to be followed
and assets allocated when the contract terminates.
The
time to set the groundwork for the termination of an outsource contract is when the
original contract is negotiated. If
it is not done then, the outsourcer has no reason to do more than the contract
requires.
Key
issues to consider are:
-
Ownership of fixed assests
-
Ownership and return of data
-
Documentation and other intellectual property
-
Staffing turnover from outsourcer to enterprise
- Support outsourcer is to provide in the turnover
process
- more
CIO Recovery Planning Tool Kit Released
Park City, UT – Park
City, UT - With the recovery on the horizon, Janco Associates, Inc. has released
its CIO Infrastructure Planning Tool Kit. The kit contains all of the elements
that are required for CIOs to hit the ground running as the recovery starts to
take hold and demand increases for IT services. The CEO of Janco, Mr. Victor
Janulaitis said, "During a downturn, CIOs often had to make some unpopular
decisions and that cost them the alliances they need to succeed. Based on our
experience the highest attrition rates for CIOs is during a recovery. With a
recovery, many enterprises feel they can afford a change at the top to get a new
direction and improve the enterprise's IT operations. In order to succeed CIOs
need to take proactive steps before it is too late."
Janulaitis said, "CIOs need to act well in advance
of the recovery, and the end of a recession is often recognized only months
after the fact. The most progressive CIOs and enterprises will turn to recovery
mode before competitors by implementing a recovery plan right now."
Janulaitis added, "...Most IT functions are
operating at very high productivity levels and do not have any extra capacity to
use when the recovery starts. Once the recovery occurs there were be huge demand
for initiatives, projects, and staffing. CIOs who react too late will find they
will not be able to meet the demands placed on them."
The CIO Infrastructure Planning Tool Kit directs
CIO how to get there organization in order by helping them meet several key
objectives. Updating the organization infrastructure with IT Service Management
(ITSM) and Metrics in mind; updating the Service-Oriented Architecture (SOA) and
how it will be applied with new initiatives; defining all of the
responsibilities of the IT staff and support staff members; creating current job
descriptions in place; and identifying the resources that will have to be hire
(employees) or retain (contractors) once the recovery starts.
The CIO Infrastructure Planning kit comes in three
versions: standard, silver, and gold. The gold version contains the IT
Infrastructure, Strategy, & Charter Template, the latest Janco IT Salary
Survey, the IT Service Management for SOA Template, 220 IT Job Descriptions, the
Internet and IT Job Descriptions HandiGuide , and a Functional Specification
Template. These templates and job descriptions all come in MS WORD and are fully
editable. More information can be found at http://www.e-janco.com/CIOInfrastructurePlanningToolKit.html.
 
- more
Is your business ready to deal with management of all of its data and business records?
 For most midsized
and even small businesses, managing data is a
major challenge. The growth of structured data from databases, e-mail and other
applications, as well as file data such as PDFs, audio, video and graphics has
been exponential. Furthermore, no end is in sight. According to well know
reasearch firm, the need for on-line data storage capacity is increasing at a
rate of nearly 58 per cent per year; by 2011, it is estimated that companies
worldwide will require disk storage of more than 32,000 petabytes of
data.
The increasing flood of
data can lead to a host of problems, like added time and system slowdowns
due to the sheer volume of data; added cost, in new equipment and especially in
management overhead, to provide for all this data accumulation; and the added
business risk that comes with larger data stores.
The temptation is to accommodate added data by
increasing the number of servers and disk drives. But simply adding servers is
not the answer – in fact, without planning, the direct attachment of additional
drives or servers can create islands of storage, resulting in greater management
requirements. Such an unplanned and reactive approach to storage is inefficient,
raising costs while limiting flexibility and the capacity to respond to new
business opportunities.
- more
Areas Impacted by Security Policies and Procedures
Security policies and procedures need to consider areas where your
systems can be breached and include:
-
Employee access cards
-
Logon codes
-
Computers and laptops
-
Routers and networking equipment
-
Printers
-
Cameras, digital or analog, with company-sensitive
photographs
-
Data - sales, customer information, employee
information
-
Company Smartphones/ PDAs
-
VoIP phones, IP PBXs (digital version of phone exchange boxes),
related servers
-
VoIP or regular phone call recordings and
records
-
Email
-
Logs of employees daily schedule and activities
-
Web
pages, especially those that ask for customer details and those that are
backed by web scripts that query a database
-
Web
server computer
-
Security cameras
-
Access points (i.e., any scanners that control room
entry)
- more
Legacy Infrastructure Hinders Productivity
When
technologist's design and implement a "new way" to do things they often forget
about how to transaction from the "legacy" system to the new one. The Washington
Post reported that the Copyright Office's "new $52 million electronic process"
was responsible for creating an overwhelming logjam of copyright applications.
Turnaround
time for copyright applications has slowed from six to 18 months and the
Copyright Office is behind some 500,000 applications.
 Workers say the
"new" electronic system is slow and prone to crashing. Managers say the
challenge has been retraining the staff to use the system. In addition, 45% of
the copyright applications are still submitted in paper format, which must be
painstakingly entered by hand into the "new" electronic system.
The staff
is spending so much time handling the paper applications it does not have enough
time to process electronic applications, which has created delays for online
claims now. It now takes six months to process electronic claims when it should
take one month.
Since the
problem appears to be the volume of paper applications, the office plans to
raise the fees for paper applications from $45 to $65 in August while keeping
the fee for electronic filing at $35.
- more
Vista Dead
The Microsoft urged some companies week to dump Vista deployment plans and shift
to Windows 7, the operating system the company has promised to ship in the
fourth quarter.
"If you're just starting your testing of Vista, with the [Windows 7]
Release Candidate and the quality of that offering, I would switch over and do
your testing on the [Windows 7] Release Candidate, and use that going forward,"
said Bill Veghte, Microsoft's senior vice president for Windows
business.
That same day, other Microsoft managers said work
on Windows 7 should wrap up in August, which would indicate availability on new
PCs and at retail stores as early as mid-October if the company uses the same
pace as Windows XP eight years ago.
Microsoft delivered Windows 7 Release Candidate
(RC) to the public on May 4, but made it available to developers and IT
professionals several days earlier.
- more
Metric for Troubled Economic Times
Metrics are an issue that
continues to be focus as CIOs try to address the stresses placed on IT.
Successful CIOs know that "business-centric" metrics (which effectively
communicate the value of IT's operating activities and capital projects in terms
that relate to business executives) should be the focus rather than "technology-centric" metrics (such as the
number of transactions processed or the mean time between system failures). The right metrics for IT spending and
its business value can help reinforce IT's position as an informed and trusted
business partner.
In the
current economic conditions the focus of the CIO's Metrics should be:
-
Increase/preserve/accelerate revenue
-
Decrease/avoid/delay cost
-
Reduce
business risk
-
Enhance
business capabilities
- more
Metrics CIOs Need to Implement
Few
business professionals need to be convinced that information is valuable to their
organizations - or that data must be carefully protected. However, as
corporations accumulate increasingly greater volumes of information, protecting
it efficiently and effectively becomes more complex, expensve, and difficult. At
the same time as the consequences and cost of a protection failure increase as
data becomes more integrated into the day-to-day operations of the
enterprise. No one understands this better than the CIO, who is charged with a
seemingly impossible task: hold down storage and protection costs, keep
production data instantly accessible 24x7, and make sure than any information
asset, no matter how obscure or seldom used, can be quickly recovered on demand.
These competing agendas signal a gradual shift in emphasis from the process and
technologies of information protection to the strategies and tactics necessary
to quickly, easily, and comprehensively respond to and recover from any data
event.
- more
|
