Sensitive Information Policy

Order Sensitive Information Policy Download Sensitive Information TOC

This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data. The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.

The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).

General privacy guidelines that should be followed are:

Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
Provide clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
Create privacy-protective default settings;
Ensure that privacy control settings are prominent and easy to use;
Ensure that all personal data is adequately protected, and
Give people simple procedures for deleting their accounts, and honor their requests in a timely way.

Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format for those clients who just need this particular policy. All policies are Sarbanes-Oxley compliant.

Internet, E Mail, Mobile Device, Electronic Communication, and Record Retention Policy

This policy is is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:

Appropriate Use of Equipment
Mobile Devices
Internet Access
Electronic Mail
Retention of Email on Personal Systems
E-mail and Business Records Retention
Copyrighted Materials
Banned Activities
Ownership of Information
Security
Sarbanes-Oxley
Abuse

Included are these ready to use forms:

Internet & Electronic Communication Employee Acknowledgement
E-Mail - Employee Acknowledgement
Internet Use Approval Form
Internet Access Request Form
Security Access Application Form
Order Electronic Communication Policy Dowload Sample Electronic Communication Policy

Travel and Off-site Meeting Policy

Travel and Off-Site Meeting Policy - Protection of data and software is often is complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers data and software can be compromised. This policy is four page in length and covers:

Data and application security
Minimize attention
Shared public resources
Off-site meeting special considerations
Order Travel Off-Site Meeting Policy Travel Off-Site Meeting Policy TOC

Outsourcing Policy

This policy is seven page in length and covers:

Outsourcing Management Standard

Service Level Agreement
Responsibility

Outsourcing Policy

Policy Statement
Goal

Approval Standard

Base Case
Responsibilities

Note: Look at the Practical Guide for Outsourcing over 110 page document for a more extensive process for outsourcing

Order Outsource How To Download Outsourcing How to Template

CIO IT Infrastructure Policy Bundle

Janco has combine the policies that it has developed over time with some of the best IT organizations around the globe into a single package. With this bundle you get a PDF file that has all of the procedures in a single document that is over 300 pages long. It would take your staff months to develop these procedures from scratch. In addition you get a separate MS-Word document for each procedure which can easily be modified.

This bundle contains the following policies:

Order IT Policy Bundle Download Sample Infrastructure Policies