Park City, UT, April 05, 2007 --(PR.com
)-- Janco Associates, Inc. (Janco), announced today the release of Version 6.1 of its Security Manual Template. This electronic document is over 215 pages and can be used in the creation of security policies and procedures for any size entity.
All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley, ISO 17799, and HIPAA.
New with version 6.1 are two audit check lists, one to validate compliance with HIPAA and the other to validate compliance with ISO 17799. Janco's CEO, Victor Janulaitis said, "The process of creating effective policies and procedures that comply with mandated requirements such as Sarbanes-Oxley, HIPAA, GLBA (Graham-Leach Bliley Act), and the current security threats are daunting. Every corporation and organization needs a universal and comprehensive set of security policies and procedures to safeguard the use of their computers and all related equipment and information assets which support enterprise wide operations. The Security Manual Template meets those needs." He added, "It is not just government that is driving the process, groups like the Payment Card Industry (PCI) with its data standard are primary movers as well."
The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for the following major sections for your security plan:
Security Manual Introduction - scope, objectives, general policy, and responsibilities
ISO 17799 Compliant
Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements
Staff Member Roles - policies, responsibilities and practices
Sensitive Information Policy
Physical Security - area classifications, access controls, and access authority
Facility Design, Construction and Operational Considerations - requirements for both central and remote access points
Media and Documentation - requirements and responsibilities
Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up
Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning
Internet and Information Technology contingency Planning - responsibilities and documentation requirements
Travel and Off-Site Meetings - specifics of what to do and not do to maximize security
Insurance - objectives, responsibilities and requirements
Outsourced Services - responsibilities for both the enterprise and the service providers
Waiver Procedures - process to waive security guidelines and policies,
Incident Reporting Procedures - process to follow when security violations occur
Access Control Guidelines - responsibilities and how to issue and manage badges / passwords