Sarbanes-Oxley Compliance Resource Kit
Understanding and ensuring compliance with the Sarbanes-Oxley Act can be a formidable undertaking. It is a complex piece of legislation, and one which demands a serious and planned approach.
However, this need NOT be a daunting task. The Sarbanes-Oxley Compliance Kit is designed specifically to educate, explain, and guide you through the process. It includes a whole series of resources intended to help simplify, and set you on the right path... to help you achieve full compliance as painlessly as possible.
Sarbanes-Oxley Section 404 mandates that:
- Enterprises have an enterprise-wide security policy;
- Enterprises have enterprise-wide classification of data for security, risk, and business impact;
- Enterprises have security-related standards and procedures;
- Enterprises have formal security-based documentation, auditing, and testing in place;
- Enterprises enforce separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To meet these needs, the Sarbanes-Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide updated to reflect what your vendors need to do (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
- IT Service Management Template (Platinum Edition) includes:
- Service Request Policy and Standard
- Help Desk Policy, Procedure, Standard, and Service Level Agreement
- Change Control Standard, Quality Assurance Standard, and Management Workbook
- Documentation Standard
- Version Control Policy and Standard
- Sensitive Information Standard
- Blog and Personal Web Site Policy
- Travel and Off-Site Meetings Security Policy
- Internet, e-mail and electronic communication Policy
Security Manual
The plan includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.
Disaster Recovery Plan (DRP)
This Disaster Recovery Plan (DRP) can be used as a template for any enterprise. DRP is sent to you via e-mail in WORD and/or PDF format. Included is a 13 page Business Impact Questionnaire as well as a 3 page Job Description for the Disaster Recovery Manager.
IT Job Descriptions
The Internet and IT Position Descriptions are in Word for Windows format. Includes positions from CIO and CTO to Wireless and Metrics Managers.
The IT Service Management Template
The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms with ITIL.
Practical Guide for IT Outsourcing
The guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise.
Safety Program Template
The Safety Program includes everything needed to customize the Safety Program to fit your specific requirement. The Safety Program reflects the latest issues associated with the most recent legislation (Sarbanes-Oxley).
CIO and Compliance News
Disaster Recovery Planning Site Re-Launched by Janco
The site www.zinnote.com has just been relaunched by Janco Associates, Inc. The site focuses on disaster recovery and business continuity planning.
Victor Janulaitis, the Chief Executive Officer of Janco Associates, Inc., said "Our mission is to provide the Chief Information Officer (CIO) and the Chief Technology Officer (CTO) all of the tools they need to efficiently and effectively stay current on the latest developments in Technology. To that end this site is focused to meet these objectives." He added, "Each of our sites is manually created from Janco products. This is not a mindless automated process, rather it is one which we gather, filter and prioritize. Only the most meaningful disaster recovery and business continuity information is presented."
Disaster Recovery is Area of Cost Cutting Focus
Disaster Recovery (DR) is a tough game. It's a critical component of IT and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. Unfortunately, DR is often one of the first line items hit by budget cuts. How can you get creative in protecting more data, recovering more swiftly, but also saving some money at the same time?
According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.
Next to personnel, data is your most irreplaceable asset. Networks, application hosting platforms, and end user computing environments can be replaced quickly. However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.
A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.
Enterprise Architecture - a cost savings solution
Enterprise Architecture: A Solution for Business Savings
Business works best when it's orchestrated carefully, choreographed thoroughly and directed perfectly. Business, in other words, is a production that requires planning, staging and management in order to hit peak performance. That's the value Enterprise Architecture brings to the IT world and all other functions, divisions and departments of today's businesses.
Janco is focused on supporting that peak performance with tools for professionals to architect the complex structures of modern corporations and to help create opportunities for the future.
Directions that IT infrastructure is moving defined
Through the years, the role of the network and IT infrastructure has changed with computing transitions. Each computing transition has also increased the network's value and reshaped the vendor landscape. The transition to a virtual enterprise will have an impact on the network similar to the previous computing shifts. The network will become a strategic point of competitive advantage for companies that use it to accelerate virtualization deployments. For this to occur, network decision-makers can no longer settle for any part of the network infrastructure that is "good enough" simply because it is from the market brand leader. Corporate network managers that seek to leapfrog the competition need to adopt bold new thinking and embrace the following concepts:
- Virtualization will extend out of the data center and expand functionality all the way to the desktop, creating new demands across the network.
- Data center class reliability, performance and features are required not only in the data center, but also at the aggregation edge and wiring closet.
- Open and standards-based solutions need to be the norm, not the exception. The network's tight coupling with the compute infrastructure will drive greater ecosystem support, meaning that closed, proprietary systems will only act as long-term barriers to adoption.
- "Good enough" is no longer good enough. It's easy to evaluate different vendors and just choose the incumbent vendor or brand leader. However, as the market transitions, this decision can often be the wrong one, as legacy vendors with a large installed base can't protect their installed base and transition with the market simultaneously.
Social networks still banned by many CIOs
Cisco released the results of a third-party global study designed to assess how organizations use consumer social networking tools to collaborate externally, revealing the need for stronger governance and IT involvement. The research is the first of a two-part series that Cisco has commissioned to explore the impact of social networking and collaboration applications in the enterprise.
The study is based on extensive interviews with 105 participants representing 97 organizations in 20 countries around the globe.
The use of consumer-based social networking tools, such as Facebook and Twitter, as collaboration platforms is connecting organizations with the external world in myriad ways. These tools bring technology and business together through innovative experiences, connect people and information, establish potential new routes to market, and enhance customer intimacy and brand awareness. The study findings indicate that the business world is at the early stages of adopting these tools and in the process of identifying key challenges, such as the need for increased governance and IT involvement, which may impact the integration and adoption of these new platforms and technologies.
Business continuity planning becomes more critical
The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions could come in many forms, from fire and floods to theft or malicious attacks on your systems, such as viruses or hacking.
Business continuity planning improves your business' ability to react to such disruptions. It describes how you will restart your operations in order to meet your business-critical requirements.
The business continuity template can be used for any sized enterprise. The Disaster Recovery template and supporting material have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Template explains the importance of business continuity plans to the success of your business, and how best to develop them.
Security demands CIOs to adapt as new threats appear
It is not easy to keep an enterprise successful and secure these days. Businesses all over the world are faced with a host of new challenges: an unsteady economy, growing competition, volatile global markets, shrinking budgets, and consumer uncertainty. Overworked IT departments are not only expected to respond to the demands of anxious business teams, they're also responsible for securing the organization and its valuable data against a raft of sophisticated new threats they have never seen before; proving their processes are internally and externally compliant; and being fiscally responsible.
The security policies and procedures template by Janco is the perfect solution. It helps CIOs and IT Managers create the proper security environment.
Because of the way security has evolved over the years, it is rarely looked upon as, or has rarely "fulfilled the role" of, a strategic business enabler. Some see it as an inescapable and often costly necessity. The approach to security is generally driven by the latest threats; it is reactive rather than proactive, tactical rather than strategic.
H-1B rule may help US IT job market
The job market may be helped by a proposed new rule. A rule known as the 50/50 rule in a piece of 2009 Senate legislation (as well as a clause in the House in the Comprehensive Immigration Reform ASAP Act of 2009) seeks to balance out the numbers of foreign workers and U.S. workers in companies that employ more than 50 U.S.-based employees. If a company is using H-1B or L-1 visa workers or both, the legislation would limit the number of those workers to no more than 50 percent of the company's U.S.-based workforce.










