HIPAA and ISO 17799 Audit Check Lists Released

Janco Associates, Inc. (Janco), announced today the release of Version 6.1 of its Security Manual Template. This electronic document is over 215 pages and can be used in the creation of security policies and procedures for an entity of any size.

All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and to Sarbanes-Oxley, ISO 17799, and HIPAA.

New with version 6.1 are two audit check lists, one to validate compliance with HIPAA and the other to validate compliance with ISO 17799. Janco's CEO, Victor Janulaitis, said, "The process of creating effective policies and procedures that comply with mandated requirements such as Sarbanes-Oxley, HIPAA, GLBA (Gramm-Leach-Bliley Act), and the current security threats is daunting. Every corporation and organization needs a universal and comprehensive set of security policies and procedures to safeguard the use of their computers and all related equipment and information assets which support enterprise-wide operations. The Security Manual Template meets those needs." He added, "It is not just government that is driving the process; groups like the Payment Card Industry (PCI) with its data standard are primary movers as well."

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major sections of your security plan:

  • Security Manual Introduction - scope, objectives, general policy, and responsibilities

  • ISO 17799 Compliant

  • Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements

  • Staff Member Roles - policies, responsibilities and practices

  • Sensitive Information Policy

  • Physical Security - area classifications, access controls, and access authority

  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points

  • Media and Documentation - requirements and responsibilities

  • Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up

  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning

  • Internet and Information Technology Contingency Planning - responsibilities and documentation requirements

  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security

  • Insurance - objectives, responsibilities and requirements

  • Outsourced Services - responsibilities for both the enterprise and the service providers

  • Waiver Procedures - process to waive security guidelines and policies

  • Incident Reporting Procedures - process to follow when security violations occur

  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords

  • Sample Forms