Sensitive Information Policy
Version History of the Sensitive Information Policy
Sensitive Information Policy Version History - This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers), co-location providers, and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
This offering is significantly impacted by mandated security and privacy requirements like GDPR (General Data Protection Regulation) and the CCPA (California Privacy Act). As privacy requirements are added, we will update this offering and all supporting policies / templates to be in full compliance.
Users should also look at the Security Manaual Template and the Security Vulnerability Analysis Tool which is not included as part of Janco’s Security Manual Template. Firewalls have become ubiquitous across enterprises over the past decade, but the combination of new and varied access methods combined with increasingly sophisticated attacks has forced network operators and security professionals to constantly evaluate their defenses. When deploying a next-generation firewall there are many factors to consider.
- Updated to reflect latest compliance requirements'
- Updated to reflect lessons learned from recent business disruption events and known security breaches
- Included US government security classification system definition
- Added ePub (eReader) format to standard offering
- Updated electronic forms
- Added section on best practices for sensitive information text messaging
- Added user/customer sensitive information and privacy Bill of Rights
- Added an overview section to the policy including a definition of what sensitive information is.
- Updated electronic form
- Updated to meet latest mandated requirements
- Added privacy guidelines section
- Added MS WORD electronic version of the Sensitive Information Policy Compliance Agreement
- Updated to comply with new mandated requirements
- .docx and .pdf formats support enhanced
- Updated to comply with Gramm-Leach-Bliley
- Updated to comply with Massachusetts and California requirements
- Updated General Policy Statement to Include references to PCI and HIPAA Requirements
- Updated to CSS Style sheet
- Modified to comply with Record Classification, Management, Retention, and Destruction policy
- Update Email record retention compliance requirements
- Payment Card Industry Data Security Standard (PCI DSS) Added
- Best Practices Added
- Wireless and VPN Added
- Added as a separate document PCI DSS Audit Program (extracted from PCI standards documentation with modifications)
- HIPAA Audit Program Added
- Office 2007 version Added