Sarbanes Oxley Compliance Kit
The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.
Sarbanes-Oxley Section 404 requires that:
- Enterprises have an enterprise wide security policy;
- Enterprises have enterprise wide classification of data for security, risk, and business impact;
- Enterprises have security related standards and procedures;
- Enterprises have formal security based documentation, auditing, and testing in place;
- Enterprises enforce separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To meet these needs, the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide updated to reflect what your vendors need to do (all editions);
- Software tool to monitor key data files (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
- IT Service Management Template (Platinum Edition).
Disaster Recovery Template (DRP)
The Disaster Recovery Plan template (DRP) can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.
Security Manual
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.

220 Internet and IT Job Descriptions
The 220 Internet and IT Position Descriptions are in Word for Windows format. Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.

The IT Service Management Template
The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms with ITIL.
Practical Guide for IT Outsourcing
The guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise.

Safety Program Template
The plan is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirement. The Safety Program was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).
Sarbanes-Oxley Issues and News
Business continuity planning becomes more critical
The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions could come in many forms, from fire and floods to theft or malicious attacks on your systems, such as viruses or hacking.
Business continuity planning improves your business' ability to react to such disruptions. It describes how you will restart your operations in order to meet your business-critical requirements.
The business continuity template can be used for any sized enterprise. The Disaster Recovery template and supporting material have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Template explains the importance of business continuity plans to the success of your business, and how best to develop them.
Security demands CIOs to adapt as new threats appear
It is not easy to keep an enterprise successful and secure these days. Businesses all over the world are faced with a host of new challenges: an unsteady economy, growing competition, volatile global markets, shrinking budgets, and consumer uncertainty. Overworked IT departments are not only expected to respond to the demands of anxious business teams, they're also responsible for securing the organization and its valuable data against a raft of sophisticated new threats they have never seen before; proving their processes are internally and externally compliant; and being fiscally responsible.
The security policies and procedures template by Janco is the perfect solution. It helps CIOs and IT Managers create the proper security environment.
Because of the way security has evolved over the years, it is rarely looked upon or "fulfilled the role" as a strategic business enabler. Some see it as an inescapable and often costly necessity. The approach to security is generally driven by the latest threats; it is reactive rather than proactive, tactical rather than strategic.
H-1B rule may help US IT job market
The job market may be helped by a proposed new rule. A rule known as the 50/50 rule in a piece of 2009 Senate legislation (as well as a clause in the House in the Comprehensive Immigration Reform ASAP Act of 2009) seeks to balance out the numbers of foreign workers and U.S. workers in companies that employ more than 50 U.S.-based employees. If a company is using H-1B or L-1 visa workers or both, the legislation would limit the number of those workers to no more than 50 percent of the company's U.S.-based workforce.
Disaster Planning Takes Good Staff
Good business continuity planning needs to take a broad view, embracing people, human behavior, customers and other factors that lie outside the data center. It is also important to secure the vision and endorsement of executive management. A properly funded, well-prioritized business continuity plan, combined with a regular program of testing and recovery drills, will help to safeguard the organization. Read this white paper to understand the key elements of a successful business continuity plan, see how to develop a plan that clarifies what is critical, and set specific recovery requirements.
Disaster Recovery is Area of Cost Cutting Focus
Disaster Recovery (DR) is a tough game. It's a critical component of IT and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. Unfortunately, DR is often one of the first line items hit by budget cuts. How can you get creative in protecting more data, recovering more swiftly, but also saving some money at the same time?
According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.
Next to personnel, data is your most irreplaceable asset. Networks, application hosting platforms, and end user computing environments can be replaced quickly. However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.
A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.
Disaster Recovery Planning is Required for Business Continuity Planning
Disaster Recovery Plans are part of a larger, more extensive planning process known as Business Continuity Planning. Disaster Recovery plans should be tested frequently so that as many individuals as possible are familiar with the specific actions they will need to take when a disaster occurs. Disaster Recovery plans must also be adaptable and updated frequently, e.g. if new people, a new branch office, or new hardware or software are added to an organization they should promptly be incorporated into the organization's disaster recovery plan. Enterprises must consider all these facets of their organization as well as update and practice their plan if they want to maximize their recovery after a disaster.
Disaster Recovery and Business Continuity Planning are the processes an organization uses to recover access to its enterprise operations: the software, data, and/or hardware that are needed to resume the performance of normal, critical business functions after either a natural disaster or a disaster caused by humans. While Disaster Recovery and Business Continuity plans, or DRPs & BCPs, often focus on bridging the gap where data, software, or hardware have been damaged or lost, one cannot forget the vital element of work force that composes much of any organization. A building fire might predominantly affect vital data storage, whereas a pandemic or epidemic illness is more likely to have an effect on staffing. Both types of disaster need to be considered when creating Disaster Recovery and Business Continuity Plans. Thus, enterprises should include in their DRPs & BCPs contingencies for how they will cope with the sudden and/or unexpected loss of key personnel as well as how to recover their data.
2010 Productivity Award Given to eJobDescription.com
The IT Productivity Center (ITPC) has just awarded ejobdescription.com with its prestigious 2010 Productivity Award for the electronic Internet and IT Job Descriptions HandiGuide. The 2010 awards competition attracted 131 nominations for innovations and productivity improvements worth $40 million in cost savings, cost avoidances and increased revenue for the IT function of enterprises of all sizes.
The awardee's electronic book met all of ITPC's criteria for improved productivity, as it is electronically based and is content rich. Not only does it include 231 fully ADA and ISO compliant IT job descriptions, it also contains a job progression matrix, sample organizational charts, a set of best practices for screening resumes and phone screening, a process for hiring and motivating employees, job evaluation questionnaires, and logs to be used in the hiring process.
In providing the award the CEO of the IT Productivity Center said, "We have reviewed the job descriptions that are included in the HandiGuide and find them as complete and up to date as any that we have seen." They added, "The best practices included are what really put this product over the top for http://www.ejobdescription.com."
Every CIO and IT Manager should strive to achieve the processes contained within the HandiGuide.
The 2010 Productivity Award allows its recipients to use the award logo on their web site as well as to include it on any materials that received the award.
In order to qualify for this award the product or service is required to "soar like an eagle" as the logo depicts. The center is constantly looking for enterprises that seek to achieve this goal. Nominations are accepted from enterprises that can show measurable productivity improvements from the products or services that they nominate.
Recession drags on and on and....
Per-hour worker productivity in the U.S. grew 2.5% in 2009, according to The Conference Board's Total Economy Database. At the same time, employment decreased by 3.6%, and hours worked per employee dropped by 1.5%. The rise in productivity last year, as well as the 3% increase that The Conference Board projects for 2010, is a reversal of a long downward trend. But the rise is entirely due to the stresses of the recession, the organization says.
In contrast, The Conference Board notes that per-hour worker productivity dropped 1% in Europe last year, and the chief economist for the organization attributed the divergence to the way companies in the two parts of the world reacted to the recession.
Privacy Commissioners ask Google to respect national privacy laws
The privacy commissioners of Canada, France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain, and the U.K. sent an open letter to Google asking the company to respect national laws, and also to adhere to six guiding privacy principles:
- Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
- Provide clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
- Create privacy-protective default settings;
- Ensure that privacy control settings are prominent and easy to use;
- Ensure that all personal data is adequately protected, and
- Give people simple procedures for deleting their accounts, and honor their requests in a timely way.
"Privacy is a fundamental right that people value deeply," the letter concluded, calling on Google to promise to respect privacy and data protection requirements before the launch of future products.
Data Protection and Records Management CIO Concern
Data Protection is a complex topic that has become a growing concern of most companies as they face increased quantities of critical information which must be stored, protected and archived to meet regulatory requirements, user expectations and business requirements. Consolidating storage and backup practices with Storage Area Networks gives customers a wide variety of ways to create point-in-time snapshots, clones and replicas of data to be used for disaster recovery and business continuity. The addition of data deduplication technologies has delivered on the promise of significant cost savings through backup data reduction and enlarged the scope of potential applications that can be protected effectively and affordably, both at central and remote sites.





