Individual Policies
All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format for those clients who just need this particular policy. All policies are Sarbanes-Oxley compliant.
Internet, E Mail, Mobile Device, Electronic Communication, and Record Retention Policy
This policy is is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:
- Appropriate Use of Equipment
- Mobile Devices
- Internet Access
- Electronic Mail
- Retention of Email on Personal Systems
- E-mail and Business Records Retention
- Copyrighted Materials
- Banned Activities
- Ownership of Information
- Security
- Sarbanes-Oxley
- Abuse
Included are these ready to use forms:
- Internet & Electronic Communication Employee Acknowledgement
- E-Mail - Employee Acknowledgement
- Internet Use Approval Form
- Internet Access Request Form
- Security Access Application Form
Sensitive Information Policy
This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data. The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.
The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
Travel and Off-Site Meeting Policy - Protection of data and software is often is complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers data and software can be compromised. This policy is four page in length and covers:
- Data and application security
- Minimize attention
- Shared public resources
- Off-site meeting special considerations
- Outsourcing Management Standard
- Service Level Agreement
- Responsibility
- Outsourcing Policy
- Policy Statement
- Goal
- Approval Standard
- Base Case
- Responsibilities
Note: Look at the Practical Guide for Outsourcing over 110 page document for a more extensive process for outsourcing
Infrastructure and Policy News
Outsouring impact IT Service Management
Lack of proactive monitoring threatens end-user satisfaction and application performance
To operate a cost-effective business in todays highly competitive market, an organisation requires an extremely efficient IT infrastructure to link its data centers, business operations and globally distributed customers. All business-critical applications must run smoothly to satisfy end-users and customers service level expectations. Consequently, an enterprise's IT support services play a vital role. Many international businesses, for example, operate multiple hosted data centers and have communication rooms in many of their overseas locations. These same businesses often outsource some of their IT operations management
However, executives are concerned about poor visibility of IT infrastructure problems, high levels of service disruption, low end-user satisfaction and the impact on application availability. Visibility of an enterprise's infrastructures performance and availability are often inadequate because they have very little monitoring and performance information. Thus, they are a reactive organization. Enterprises must introduce an IT Service Transformation process to improve all aspects of IT Service Management (ITSM) and act as a foundation to monitor the critical business processes, which cover multiple applications and infrastructure integrated incident, problem and asset management.
Key objectives are to manage the infrastructure and applications proactively; generate a centralized system for their outsourced service providers; and link problems to their existing help desk.
- more info
Data Breachs Costly
The financial consequences of data breaches can be severe. Many organizations lose customers and revenue because of the violation of trust incurred from a breach. Due to the growing number of state privacy laws, most breaches require that those whose information is compromised must be notified. Most organizations now pay for credit monitoring services for several years for all those impacted by a breach -- these services typically cost about $100 per person per year. And in some cases, organizations are subject to fines for revealing personal information.
Security Policy Manual (policies and procedures template) is over 240 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000 (ISO27001 and ISO27002), PCI-DSS, and HIPAA. Data Protection is a priority and security myths need to addressed.
- more info
Dow sinks over 600 points as China and Obama square off
WASHINGTON-- The Dow skids by over 600 points as the Obama adminsitration squares off with China. China responds with "no more loans".
U.S. Internet companies might soon need to find a new strategy for dealing with China.
In announcing that it is now U.S. policy to advocate a free and open Internet around the world, Secretary of State Hillary Rodham Clinton on Thursday essentially dared U.S. companies to follow Google's lead and put an end to their complicit censorship of Internet content. Google has said it will shut down its Chinese search engine if it can't find a way to offer an uncensored version under Chinese law, and while no one else has jumped on that bandwagon, they may soon have little choice.
"We are urging U.S. media companies to take a proactive role in challenging foreign governments' demands for censorship and surveillance. The private sector has a shared responsibility to help safeguard free expression. And when their business dealings threaten to undermine this freedom, they need to consider what's right, not simply what's a quick profit," Clinton said in remarks Thursday at the Newseum, before an audience including members of Congress, representatives from nonprofit groups, and perhaps more than one Internet company executive forced to ponder the meaning of that paragraph.
Clinton stopped short of actually proposing regulations or sanctions on Internet companies that comply with censorship laws. But her tone was clear: it's now the policy of the U.S. government to renounce corporate "engagement," or the belief that by merely being in countries like China, U.S. Internet companies are helping expand access to information.
Will it work? Google, Microsoft, and Yahoo have already formed the Global Network Initiative, a consortium of companies and organizations designed to provide guidelines for operating in countries with authoritarian governments without turning into tools of those governments. Clinton acknowledged the work of the GNI during her speech, but is calling on companies to do more.
- more info
Firefox plugs away in a tough market
Mozilla released a second release candidate of Firefox 3.6 browser, a modest upgrade that embodies Mozilla's effort to increase the frequency the open-source browser is developed.
The president of Firefox, announced second Firefox 3.6 release candidate Sunday but didn't share details. The release notes were equally mum, but the update process called the new software a "security and stability update."
The software is available from Mozilla's download site. More than 1 million people are testing Firefox 3.6 at present, and more than 300 million overall use Firefox, Mozilla said.
The new version includes Personas to let people customize the browser's appearance; blocks third-party software from encroaching on its file system turf to increase stability; and--perhaps most significantly given the competitive threat from Google Chrome--shortens start-up time and improves responsiveness and JavaScript performance.
- more info
Wireless spectrum may be overloaded
The FCC has identified the limited supply of wireless spectrum as one of the factors that could limit the growth of broadband Internet services in the U.S., which could result in slower economic growth and job creation.
Wireless spectrum will be addressed, along with other factors affecting broadband access and services, in a national broadband plan that the FCC is now assembling. The plan was originally due to be completed next month, but the FCC received a 30-day extension from the U.S. Congress.
The wide array of devices on display at CES that rely on wireless broadband underscores the urgency of resolving the spectrum issue, Genachowski said. "The wireless infrastructure in the U.S. will be our platform for ongoing innovation and investment," he said.
With the explosion of technology into every facet of the day-to-day business environment there is a need to define an effective infrastructure to support operating environment; have a strategy for the deployment and technology; and clearly define responsibilities and accountabilities for the use and application of technology.
- more info
New CTO for Virginia
Virginia Bob McDonnell has nominated Jim Duffey to serve as his secretary of technology, according to announcement today from the Northern Virginia Technology Council.
Duffey, president and chief executive of Duff Consulting, spent 24 years at EDS Corp., where he held a variety of positions in the United States and Europe, including three years as vice president and public-sector general manager, responsible for all of EDS' state and local, federal, civilian, military and Medicare client relationships.
He also is a former vice president and public-sector general manager at Dell.
Duffey has served on NVTCs board of directors since 2004 and was vice chair from July 2006 to January 2009.
"Jim will bring a strong private-sector perspective to state government and enthusiastically champion the issues and initiatives that are so critical to our regional and statewide technology community," said NVTC Chairwoman, president of U.S., Europe and Asia at CGI.
- more info
Credit Card Haker Pleads guilty
(Reuters) - A 28-year-old college dropout pleaded guilty on Tuesday to charges that he stole tens of millions of payment card numbers by breaking into corporate computer systems.
The hacker, Albert Gonzalez, told a federal judge in Boston that he had engineered electronic thefts at companies including the card processor Heartland Payment Systems, the convenience store 7-Eleven and the Hannaford chain of New England grocery stores.
Mr. Gonzalez has previously pleaded guilty to computer break-ins at the retailers TJX Companies, BJ's Wholesale Club and Barnes & Noble.
"You face a considerable amount of time in jail as a result of your plea," Federal District Judge P. Douglas Woodlock told Mr. Gonzalez. "All aspects of your life are to be affected."
A federal court in Boston last week sentenced one of Mr. Gonzalez's conspirators, Stephen Watt of New York, to two years in prison for developing the software used to capture payment card data. It also ordered Mr. Watt to pay $171.5 million in restitution.
- more info
Over one third of HR executives ignore unemployment status of employment candidates
Boston - Results from new research released by Veritude, astaffing services provider, indicate a positive sign for the New England economy. All surveyed executives in New England, and across the country, are accepting of the economy as a reason for an extended unemployment when reviewing candidates. Specifically, when it came to examining the acceptable length of time for a candidate to be unemployed, 36 percent of responding executives said they did not believe it mattered how long a candidate was unemployed given the recessionary conditions, with 36 percent indicating that six months or less was their ideal length of unemployment.
The survey also revealed that when making hiring decisions, 44 percent of executives have no preference for a candidate's employment status. In addition, one-third of New England hiring managers and human resources professionals are considering rehiring information technology (IT) employees whom they had laid off.
According to our survey results, it appears that 2010 will be a better year for IT job seekers in New England, said a senior vice president of Veritude. With half of employers looking to hire back a portion of their laid off IT workers either as full time employees or contractors and employers accepting the economic downturn as a reason for an extended unemployment, IT job candidates should take heart that their employment status will not significantly bias a potential employer.
Although in the minority, 19 percent of those surveyed do prefer candidates who are currently employed as regular, full-time employees. Candidates who are either employed full-time or currently employed as temporary or contract workers are preferred by 22 percent.
Of all hiring executives, 53 percent did not care if a candidate was laid off in a first round as opposed to a subsequent round. While the majority did not have an issue with laid off workers, 17 percent of respondents found it more acceptable if a worker was not one of the first to be laid off.
- more info
NASA to release multi-billion dollar IT contracts
NASA says its on track to open competition as early as Dec. 4 for the first project in a series of large information technology services contracts that have been estimated to be worth more than $4 billion total.
NASA plans to award five contracts as part of the Information Technology Infrastructure Integration Program (I3P) acquisition to consolidate the agency's IT and data services. Input Inc., a market research firm, has estimated the total value for the five contracts, based on NASAs draft RFPs, to be $4.3 billion. The services contracts would consolidate current NASA contracts such as the Outsourcing Desktop Initiative for NASA and Unified NASA Information Technology Services.
The agency could release the Web Enterprise Service Technologies (WEST) final request for proposal (RFP) as early as Dec. 4, NASA said on Nov. 20. WEST would be a contract for public Web site hosting, Web content management, messaging and calendar services.
In addition, NASA said on Nov. 25 that it plans to release on or about Dec. 11 a final RFP for the NASA Integrated Communications Services or NICS contract for wide area network services, local area network services, telecommunications services, video services, and data services.
The agency also plans to release a final RFP for the Enterprise Applications Service Technologies or EAST contract for services that involve NASAs Enterprise Applications Competency Center on or about Dec. 18, the agency said.
- more info
Virtualization improves disaster planning and change control
IT has been reported that organizations implementing virtualization often experience less server downtime than organizations not deploying virtualization, and many have taken steps to provide better disaster recovery than they could have in an unvirtualized environment. Several surveys show that virtualized environments experience between 35% to 40% fewer server outage hours per year than unvirtualized environments.The reasons often given are:
- Simplification - Virtualization allows more OS workloads and more applications per server. This results in fewer servers and more standardization, which results in easier provisioning of new or redeployed applications.
- Independence - Since the OS/application workload does not tie to a specific physical server, IT Management can migrate their workload from server to server thus becoming free a particular server. This facilitates the ability to dynamically migrate applications from an overused or failing server to a healthy server, avoiding outage.
- Flexibility - Virtualization simplifies the process of initiating an OS/application. This enables IT management to have options for locating the OS/application on a particular physical server. In that way IT Managers can easily suspend, relocate, and restart applications that are degrading on a server.
- more info
- Better Change Management - Virtualization makes it easier for system administrators to set up a replicate test OS image, which makes it easier to fully regression test new configurations (new application releases, new software versions, etc.). Fuller regression testing of new configurations results in fewer defects encountered in production.
