CIO IT Infrastructure Policy Bundle
Janco has combined the policies that it has developed over time with some of the best IT organizations around the globe into a single package. With this bundle you get a PDF file that has all of the procedures in a single document that is over 300 pages long. It would take your staff months to develop these procedures from scratch. In addition, you get a separate MS-Word document for each procedure, which can easily be modified.
This bundle contains the following policies:
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy
- Incident Communication Plan
- Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
- Mobile Device Access and Use Policy
- Outsourcing Policy
- Patch Management Policy
- Record Management, Retention, and Disposition Policy
- Sensitive Information Policy
- Service Level Agreement Policy
- Social Networking Policy
- Telecommuting Policy
- Travel, Laptop, PDA and Off-Site Meeting Policy
Individual Policies
All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format for those clients who just need this particular policy. All policies are Sarbanes-Oxley compliant.
Internet, E Mail, Mobile Device, Electronic Communication, and Record Retention Policy
The hardest part of implementing an e-mail archiving system is not picking and installing the archiving solution, but defining retention policies. Many different departments within an organization will need to be consulted, including line-of-business managers, HR, and IT. Because the archiving system may need to meet e-discovery requirements, it is also critical to involve the legal department in creating policy. Since different archiving requirements may include differing retention periods and differing disposal requirements, there may even be conflicting requirements for different policies.
Retaining all data indefinitely is expensive, and some data may be required to be deleted, so retention policies must be explicit. Defining the policies may be difficult, but implementing the policies is much less of an issue. Archiving products will give you all the tools you need to identify e-mails and other data by age, user, subject, or content and then define specific policies on how long each type of data is retained, whether it is also written to off-site tape storage, how it is handled at the end of the retention period, and how exceptions can be created.
Since many backup or restore requests result from accidental deletions of messages or attachments, a self-service portal, a specialized web site that allows users to search for and restore messages through a simple interface, can greatly reduce the load on the help desk.
Although administrators will want to do restores of mailboxes, mail stores, or multiple servers if there is a major disaster, allowing users to find and restore individual e-mails from the archive can free administrators to deal with bigger issues.
This policy is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:
- Appropriate Use of Equipment
- Mobile Devices
- Internet Access
- Electronic Mail
- Retention of Email on Personal Systems
- E-mail and Business Records Retention
- Copyrighted Materials
- Banned Activities
- Ownership of Information
- Security
- Sarbanes-Oxley
- Abuse
Included are these ready to use forms:
- Internet & Electronic Communication Employee Acknowledgement
- E-Mail - Employee Acknowledgement
- Internet Use Approval Form
- Internet Access Request Form
- Security Access Application Form
Sensitive Information Policy
This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data. The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.
The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
Travel and Off-Site Meeting Policy - Protection of data and software is often complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is four pages in length and covers:
- Data and application security
- Minimize attention
- Shared public resources
- Off-site meeting special considerations
Outsourcing Policy - This policy is seven pages in length and covers:
- Outsourcing Management Standard
- Service Level Agreement
- Responsibility
- Outsourcing Policy
- Policy Statement
- Goal
- Approval Standard
- Base Case
- Responsibilities
Note: See the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive outsourcing process.
Infrastructure and Policy News
iPhone5 to make remote computing easier
According to the Jan. 25 report's "reliable source at Foxconn in China," the various prototypes circulating around that production facility share some common features, including a 4-plus-inch display and a casing that no longer follows the design aesthetics of the iPhone 4 and iPhone 4S. "No teardrop-shaped devices, as rumored in the lead up to the iPhone 4S," related 9to5Mac. "Samples so far have been symmetrical in thickness (also longer/wider)."
Scuttlebutt concerning a larger iPhone 5 screen has been circulating for some time, as the blog points out. That being said, variations between the prototypes suggest that Apple has yet to settle on a release version. If Apple follows the release cadence it established with previous iPhone iterations, this newest smartphone could make its debut in either the summer or early fall timeframes.
IT Hiring Trends
If you've been promising your loyal IT staffers that you'll take care of them with raises when the economy turns around, 2012 is unlikely to be the year you get to make good on those promises. While employees in some roles will see increases this year, raises will be held in check, according to the most recent annual salary survey and forecast from Janco Associates. And CIOs and other executive-level IT managers will be in the same boat, likely to see level compensation from last year.
Find out what it's all about. See the 2012 IT Salary Survey.
Factors to Consider in a Disaster Recovery & Business Continuity Plan
The Janco Disaster Recovery Plan & Business Continuity Template takes into consideration all of the items related to various layers of operations that most enterprises need to consider if they want to continue after a disaster occurs. These include:
- Strategy - Items related to the strategies used by the business to complete day-to-day activities while enabling continuous operations. Examples include financial, manufacturing and disaster recovery strategies.
- Organization - Items related to the structure, skills, communications and responsibilities of your employees. Examples include human resources, training, and internal and external communications.
- Applications and data - Items related to the software necessary to enable business operations, as well as the method used to develop that software. Examples include customer relationship management (CRM) applications, enterprise resource planning (ERP) applications, databases and transaction processors.
- Processes - Items related to the critical business processes necessary to run the business, as well as the IT processes used to ensure smooth operations. Examples include accounts receivable, accounts payable, change management and problem management.
- Technology - Items related to the systems, network and industry-specific technology necessary to enable your applications and data. Examples include host systems, workstations and Internet Protocol (IP) networks.
- Facilities - Items related to the buildings, factories and offices necessary to house your organization and your production or service technologies. Examples include data centers, office buildings and physical security operations.
Infrastructure focus of IT Budgets
Mobility and wireless network infrastructures are the big takers when it comes to IT budget planning for 2012, according to a research study. Organizations are moving to the next stage of the IT infrastructure build-out across multiple budget areas, and the 2012 IT Investment Patterns Study shows how the strategy trends of innovation, integration and reversion are having a significant impact on 2012 spending patterns.
The IT environment is too complex to rely on outmoded ways to keep the business functioning and thriving flawlessly. To balance the many crucial and changing enterprise demands to move the organization forward, an IT governance process is required. Increased expectations of IT, the growth of the Internet, compliance concerns, mobile computing and advanced security risks are all reasons for the critical need for IT governance. Instituting a governance process can serve as a catalyst that can effectively bring together the dynamics of cross-enterprise communication and summarize key, relevant data to provide critical metrics to make informed decisions.
Patch Management Policy Released
With the ever rising availability of enterprise data to mobile users there has been a significant increase in security exposure for information and network assets. The CEO of Janco Associates said, "As many as 90 percent of successful attacks are against vulnerabilities in which a patch already exists. Despite this statistic, many computers do not have the latest security patches installed, putting organizations at serious risk from a variety of malware threats. Patches are time-consuming to track and administer, and it is often difficult to see which computers actually have critical patches installed correctly. Without this visibility, IT managers have no simple method of identifying computers most at risk." He added, "To meet this requirement Janco has added a Patch Management Policy to its popular CIO Infrastructure Policy Bundle."
Microsoft's IE follows Firefox: spell check to be added
Firefox has had spell check implemented for several versions. Microsoft is now trying to catch up.
Microsoft is adding a commonly requested feature - spell-checking - to Internet Explorer (IE) 10. The feature is part of the already-released IE 10 developer previews, but Microsoft called it out and explained it in detail on the IEBlog.
IE 9 doesn't include spell-checking. That missing feature is cited by more than a few users as one reason they aren't using IE 9. But because IE 10 will be the version of IE bundled with Windows 8, which will be optimized for touch input, spell checking is no longer taking a back seat.
Healthcare IT jobs are plentiful
Many IT pros have lost jobs; however, healthcare is hiring to fill an expected shortage of 50,000 workers to support implementation of electronic health records and health information exchange. HIMSS and ASHHRA want to let technology professionals know and they want to have access to each other's knowledge.
Health Care vs. Financial Services Job Growth
Employment is on the rise in Healthcare IT and spending will reach $40 billion by the end of this year. Much of that growth will come from spending on electronic health record (EHR) systems, mobile health applications and efforts to comply with new government standards. Boosted by increased spending on healthcare software -- which is needed for the rollout of EHR systems -- the U.S. healthcare IT market is expected to grow at a rate of about 24% per year from 2012 to 2014, the study said. Spending on healthcare software rose 20.5% in the past year, from $6.8 billion in 2010 to a projected $8.2 billion this year. Recent mergers and acquisitions in the healthcare IT market also point to growing private-sector interest in software, which will see sales grow at a rate of more than 30% annually from 2012 to 2014.
The federal government is devoting $116 million to health IT workforce training in the form of grants to community colleges and graduate medical informatics programs, as well as curriculum development, but that alone won't be enough to make up the entire labor shortage.
Malware attacks increase
Malware is complex and seemingly everywhere and is often difficult to stop. It knows how to find your data - even on your mobile device and Mac. You can't ignore your "safe" devices any longer: you need to recognize and stop the threats before they do harm.
Malicious software can take the form of a computer virus or worm and disrupt or deny computer operations, steal private or sensitive information or gain unauthorized access to system resources. Since January 2011, serious malware attacks have hit many high-profile organizations who suffered damaging data loss. Some attacks were for kicks, some for money, some for political hacktivist reasons and some for reasons unknown.
One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.
The policies that Janco has created are a must-have for every enterprise. They can all be accessed by going to the Policy Master Page, or the individual policies can be accessed directly by clicking on the links below.
The policies have just been updated to comply with all mandated requirements and include electronic forms that can be emailed, filled out completely on the computer, routed and stored electronically. A total solution that uses technology at its best.
- CIO IT Infrastructure Policy PDF (All of the policies below which come as individual MS Word files)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Outsourcing Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy
- Telecommuting Policy
- Travel and Off-Site Meeting Policy
Tax liability impacted by disaster recovery plan
Keeping track of a tax liability among multiple states can get complicated. If you have three servers in three states, software could be running in any one at any time, so you'd have to consider presence in all three states. For example, if you have a disaster recovery site in Pennsylvania, that establishes presence in that state. A third party runs it; you may never have people going there and no one touches it, but you have a tax liability in that state. For customers who buy services, even though they're buying from a provider in California, they have to pay sales tax in Pennsylvania because they have a presence there.
Sales and use tax boils down to where a business has a physical presence that opens it up to tax liability within that jurisdiction. But when it comes to the cloud - where services are sold to customers who may access them anywhere from servers located who-knows-where by companies that may be headquartered anyplace - determining presence, and the liabilities that go with it, is anything but straightforward.
The state of New York has ruled that presence is determined by where an application is used, not where it is hosted. The location of the software code, according to the 2009 opinion of the New York Commissioner of Taxation and Finance, was deemed irrelevant. . .because the software could be used just as effectively by the customer even though the customer never received the code on a tangible medium or by download. (Meaning, the customer accessed the software through a browser, as is the case with cloud services.) The fact that the cloud contract provided no grant of license to use software was not found controlling. In other words, the cloud provider should be collecting sales and use tax just as if it were mailing disks to the customer, and the customer should be paying whether or not it receives a perpetual license.
Many states are moving toward an economic presence standard whereby out-of-state businesses establish presence when making sales through an agreement with a person located in that state and the in-state person refers customers to the out-of-state business through a website link.
Record Retention for the long-term
A whopping 80 percent of the organizations studied have reported a need to retain electronic records for more than 50 years. Can your enterprise store 50 years of electronic records given current technology? Without data loss? Do you think that you can do more than three migrations of archival data from one storage media to the next without data loss?
How many consumers using Internet photo services sites think that their digitized images will still be there 50 years from now?
To address those questions the 100 Year Archive Task Force (100YrATF), operated by the SNIA's Data Management Forum, is a global, multi-agency group working to define best practices and storage standards for long-term digital information retention.
The 100 Yr ATF was created by SNIA because of the pending crisis in long-term preservation of digital information in the IT datacenter. The crisis has two principal challenges:
- Losing information that is stored digitally due to corruption, loss of access, loss of discoverability, or loss of readability
- Losing control of the ability to keep up with migrating the overwhelming volume of information to new media and into new logical formats.

















