CIO IT Infrastructure Policy Bundle
Janco has combine the policies that it has developed over time with some of the best IT organizations around the globe into a single package. With this bundle you get a PDF file that has all of the procedures in a single document that is over 300 pages long. It would take your staff months to develop these procedures from scratch. In addition you get a separate MS-Word document for each procedure which can easily be modified.
This bundle contains the following policies:
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy
- BYOD Policy Template
- Google Glass Policy Template
- Incident Communication Plan Policy
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy
- Mobile Device Access and Use Policy
- Patch Management - Version Control Policy
- Outsourcing and Cloud Based File Sharing Policy
- Physical and Virtual Security Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy
- Telecommuting Policy
- Text Messaging Sensitive and Confidential Information
- Travel, Electronic Meeting, and Off-Site Meeting Policy
- Wearable Device Policy)
- IT Infrastructure Electronic Forms
All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format for those clients who just need this particular policy. All policies are Sarbanes-Oxley compliant.
Internet, E Mail, Mobile Device, Electronic Communication, and Record Retention Policy
The hardest part of implementing an e-mail archiving system is not picking and installing the archiving solution, but defining retention policies. Many different departments within an organization will need to be consulted, including line-of-business managers, HR, and IT. Because the archiving system may need to meet e-discovery requirements, it is also critical to involve the legal department in creating policy. Since different archiving
requirements may include differing retention periods and differing disposal requirements, there may even be conflicting requirements for different policies.
Retaining all data indefinitely is expensive, and some data may be required to be deleted, so retention policies must be explicit. Defining the policies may be difficult, but implementing the policies is much less of an issue. Archiving products will give you all the tools you need to identify e-mails and other data by age, user, subject, or content and then define specific policies on how long each type of data is retained, whether it is also written to off-site tape storage, how it is handled at the end of the retention period, and how exceptions can be created.
Since many backup or restore requests result from accidental deletions of messages or attachments, a selfservice portal, a specialized web site that allows users to search for and restore messages through a simple interface, can greatly reduce the load on the help desk.
Although administrators will want to do restores of mailboxes, mail stores, or multiple servers if there is a major disaster, allowing users to find and restore individual e-mails from the archive can free administrators to deal with bigger issues.
This policy is is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:
- Appropriate Use of Equipment
- Mobile Devices
- Internet Access
- Electronic Mail
- Retention of Email on Personal Systems
- E-mail and Business Records Retention
- Copyrighted Materials
- Banned Activities
- Ownership of Information
Included are these ready to use forms:
- Internet & Electronic Communication Employee Acknowledgement
- E-Mail - Employee Acknowledgement
- Internet Use Approval Form
- Internet Access Request Form
- Security Access Application Form
Sensitive Information Policy
This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data. The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.
The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilitie regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
Travel and Off-Site Meeting Policy
Protection of data and software is often is complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers data and software can be compromised. This policy is four page in length and covers:
- Data and application security
- Minimize attention
- Shared public resources
- Off-site meeting special considerations
This policy is seven page in length and covers:
- Outsourcing Management Standard
- Service Level Agreement
- Outsourcing Policy
- Policy Statement
- Approval Standard
- Base Case
Note: Look at the Practical Guide for Outsourcing over 110 page document for a more extensive process for outsourcing