
Compliance Program

10 Step program to follow


CIOs and CSOs are now under a great deal of scrutiny, not only from their executive management but also from a range of governmental and industry regulatory bodies. Janco has created a ten-step program that helps them address compliance issues directly. The program, when used in concert with Janco's Compliance Management products, gets them in front of the issue.

More small and mid-sized businesses are impacted by state mandates (e.g., California, Massachusetts, New York, and others) than by federal and SEC mandates.

The ten step program Janco recommends is:

  • Implement a Security Officer Position - That individual does not do all of the work, rather they have responsibility for coordinating all compliance based issues.
  • Conduct a compliance risk assessment - The first step is to understand which compliance mandates the enterprise falls under and then conduct an audit to see how well the enterprise complies as it is currently structured.
  • Document - All compliance mandates require that documentation be in place for policies and procedures. The three things that compliance bodies look for are:
    • Is a policy or procedure in place?
    • Is the policy or procedure followed?
    • Is the policy or procedure the right one?
  • Know the operating environment - Once a user is authorized to access information, how will they gain access, and where are the potential failure points?
  • Prepare for Incidents - Even if you have every policy or procedure in place, compliance violations will occur. Have processes in place that focus on:
    • Prevention
    • Detection
    • Correction
  • Expect the worst to happen - Do not accept the answer "That never could occur". It will, and you will have to respond to it quickly and effectively.
  • Control media and electronic files - A violation cannot occur without data. That data can be in any form - paper or electronic.
  • Train users - Even with the best policies and procedures in place, a compliance program cannot work without proper training.
  • Log and audit - This includes not only data but also the individuals and processes used.
  • Clean up old data and systems - Often enterprises will only worry about new applications. That is not enough; legacy systems and data also need to be considered.

Compliance Management

Janco offers a full range of tools to help enterprises of all sizes address these issues. The Compliance Management kit provides the infrastructure tools necessary to address these mandated requirements.

The Compliance Management tool kit comes in three (3) versions: Silver, Gold, and Platinum. In addition, we offer a white paper on Compliance Requirements.

Compliance Management White Paper

  • Compliance Management White Paper - Summarizes mandated compliance requirements and provides a summary level work plan for how to implement Compliance Management policies and procedures.

    The white paper contains a table of mandated record retention periods.

Compliance Management - Silver Edition

  • Compliance Management White Paper - Summarizes mandated compliance requirements and provides a summary level work plan for how to implement Compliance Management policies and procedures.
  • Security Audit Program - fully editable
    • Comes in MS EXCEL and PDF formats
    • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
    • Over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings.
  • PCI Audit Program - Word and PDF
  • Job Descriptions (24 key positions) - Word Format - fully editable and PDF
    • Director Electronic Commerce
    • e-Commerce Specialist
    • Internet-Intranet Administrator
    • Manager Internet - Intranet Activities
    • Manager Internet Systems
    • Manager Point of Sale
    • Manager Record Administration
    • Manager Transaction Processing
    • Manager Video and Website Content
    • Manager Web Content
    • Manager Wireless Systems
    • On-Line Transaction Processing Analyst
    • PCI-DSS Administrator
    • PCI-DSS Coordinator
    • POS Coordinator
    • POS Hardware Coordinator
    • POS Senior Coordinator
    • Record Management Coordinator
    • System Administrator - Unix
    • System Administrator - Windows
    • Web Analyst
    • Web Site Designer
    • Webmaster
    • Wireless Coordinator

Compliance Management - Gold Edition

  • Compliance Management White Paper - Summarizes mandated compliance requirements and provides a summary level work plan for how to implement Compliance Management policies and procedures.
  • Security Audit Program - fully editable
    • Comes in MS EXCEL and PDF formats
    • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
    • Over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings.
  • PCI Audit Program - Word and PDF
  • Job Descriptions (24 key positions) - Word Format - fully editable and PDF
    • Director Electronic Commerce
    • e-Commerce Specialist
    • Internet-Intranet Administrator
    • Manager Internet - Intranet Activities
    • Manager Internet Systems
    • Manager Point of Sale
    • Manager Record Administration
    • Manager Transaction Processing
    • Manager Video and Website Content
    • Manager Web Content
    • Manager Wireless Systems
    • On-Line Transaction Processing Analyst
    • PCI-DSS Administrator
    • PCI-DSS Coordinator
    • POS Coordinator
    • POS Hardware Coordinator
    • POS Senior Coordinator
    • Record Management Coordinator
    • System Administrator - Unix
    • System Administrator - Windows
    • Web Analyst
    • Web Site Designer
    • Webmaster
    • Wireless Coordinator
  • Record Management Policy - Word

Compliance Management - Platinum Edition

  • Compliance Management White Paper - Summarizes mandated compliance requirements and provides a summary level work plan for how to implement Compliance Management policies and procedures.
  • Security Audit Program - fully editable
    • Comes in MS EXCEL and PDF formats
    • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
    • Over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings.
  • PCI Audit Program - Word and PDF
  • Job Descriptions (24 key positions) - Word Format - fully editable and PDF
    • Director Electronic Commerce
    • e-Commerce Specialist
    • Internet-Intranet Administrator
    • Manager Internet - Intranet Activities
    • Manager Internet Systems
    • Manager Point of Sale
    • Manager Record Administration
    • Manager Transaction Processing
    • Manager Video and Website Content
    • Manager Web Content
    • Manager Wireless Systems
    • On-Line Transaction Processing Analyst
    • PCI-DSS Administrator
    • PCI-DSS Coordinator
    • POS Coordinator
    • POS Hardware Coordinator
    • POS Senior Coordinator
    • Record Management Coordinator
    • System Administrator - Unix
    • System Administrator - Windows
    • Web Analyst
    • Web Site Designer
    • Webmaster
    • Wireless Coordinator
  • Record Management Policy - Word
  • Security Manual Template - Word
