Sensitive Information Policy

This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data. The policy is 15 pages in length. This policy complies with Sarbanes-Oxley Section 404.

The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals). 

General privacy guidelines that should be followed are:

  • Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • Provide clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • Create privacy-protective default settings;
  • Ensure that privacy control settings are prominent and easy to use;
  • Ensure that all personal data is adequately protected; and
  • Give people simple procedures for deleting their accounts, and honor their requests in a timely way.

Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format for those clients who just need this particular policy.  All policies are Sarbanes-Oxley compliant.


Electronic Communication Policy

Internet, E Mail, Mobile Device, Electronic Communication, and Record Retention Policy

 

This policy is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:

  • Appropriate Use of Equipment
  • Mobile Devices
  • Internet Access
  • Electronic Mail
  • Retention of Email on Personal Systems
  • E-mail and Business Records Retention
  • Copyrighted Materials
  • Banned Activities
  • Ownership of Information
  • Security
  • Sarbanes-Oxley
  • Abuse

Included are these ready-to-use forms:

  • Internet & Electronic Communication Employee Acknowledgement
  • E-Mail - Employee Acknowledgement
  • Internet Use Approval Form
  • Internet Access Request Form
  • Security Access Application Form

Travel and Off-Site Meeting Policy - Protection of data and software is often complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is four pages in length and covers:

    • Data and application security
    • Minimize attention
    • Shared public resources
    • Off-site meeting special considerations

Outsourcing Policy - This policy is seven pages in length and covers:

    • Outsourcing Management Standard
      • Service Level Agreement
      • Responsibility
    • Outsourcing Policy
      • Policy Statement
      • Goal
    • Approval Standard
      • Base Case
      • Responsibilities

    Note: See the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive outsourcing process.

 

CIO IT Infrastructure Policy Bundle

Janco has combined the policies that it has developed over time with some of the best IT organizations around the globe into a single package. With this bundle you get a PDF file that has all of the procedures in a single document that is over 300 pages long. It would take your staff months to develop these procedures from scratch. In addition, you get a separate MS-Word document for each procedure, which can easily be modified.

This bundle contains the following policies:
