Information Technology PolicyPro
April 2, 2018 Apolone Gentles, JD, CPA, CGA, FCCA, BSc (Hons) Accounting Systems and Controls, Backup and Disaster Planning, Board of Directors, Process and Responsibilities, Corporate Administration, Corporate Governance, Finance and Accounting, IT, Privacy and Security, Mobile Device Management, Network, Systems and Data Security, Privacy Compliance and Management, Social Media/Social Networking, Software Acquisition, Implementation and Maintenance, Systems Acquisition, Maintenance and Disposal, Systems and Data Management
The first step is easily accomplished by reviewing a few definitions. The second step is trickier. The third step may involve a lot of work, but you can start with six straightforward steps.
Apolone Gentles, COBIT 5, Control Objectives for Information and Related Technologies, CPA Canada, Cybersecurity, cybersecurity framework, cybersecurity plan, Finance and Accounting PolicyPro, Framework for Improving Critical Infrastructure Cybersecurity, Information Technology PolicyPro, internal control, National Institute of Standards and Technology, NIST, not-for-profit policypro
September 2, 2014 Jeffrey Sherman Anti-spam, Do-not-Call, Business and Legal Issues, Corporate Administration, Corporate Governance, E-Commerce, IT, Privacy and Security, Privacy Compliance and Management, Sales, Marketing and Operations, Social Media/Social Networking, Systems and Data Management
It should be clear that managing your anti-spam obligations will mean modifying your information technology processes. The CRTC has created comprehensive anti-spam guidelines that demonstrate some of the ways IT will be involved…
anti-spam, auditing, Canada anti-spam legislation, Canadian Radio-television and Telecommunications Commission, CASL, commercial electronic message, complaint-handling, compliance, corrective action, CRTC, CRTC guidelines, Information Technology PolicyPro, ITPP, monitoring, policies and procedures, record keeping, risk assessment, senior management, social media, training, written policy
November 4, 2013 Jeffrey Sherman Corporate Governance, IT, Privacy and Security, Sales, Marketing and Operations
One of the key elements needed to ensure accountability is reporting the right statistics and metrics. Each user department is responsible for ensuring that its information technology needs are addressed, and the IT department is responsible for providing overall cost-effectiveness, quality and coordination. The IT department can play its role by ensuring that IT metrics are captured and disseminated. User departments and the IT department must both be involved; neither may be permitted to abdicate its responsibilities.
benefits delivery, COBIT 5, compliance, data capacity, estimating resource requirements, future functional requirements, governance framework, implementation, Information Technology PolicyPro, IT accountability, IT compliance, IT controls, IT department, IT governance, IT infrastructure, IT measurement, IT planning, IT priorities, IT strategy, ITPP, managing relationships, metrics, needs evaluations, network capacity, planning cycle, planning process, priorities, processing requirements, processor memory, resource capacity, resource optimization, resource usage, risk optimization, statistics, systems requirements, technical support, upgrading IT infrastructure, user support
April 1, 2013 Adam Gorley Corporate Governance, IT, Privacy and Security, Not for Profit
By now, countless businesses have had to address some issue relating to an employee using her or his personal digital device for work purposes (“bring your own device” or BYOD). An employee wants to access the office wireless network on her laptop so she can work while away from her desk; another wants to store and view work documents on his tablet; another just wants to check her work email from her smartphone. These are just a few of the many ways workers are using personal digital devices to perform work-related tasks.
access to network, apps, Bring-your-own-device, BYOD, BYOD program, code of conduct, compensation, data access, device maintenance and support, device repairs, device replacement, employee agreements, information storage, information technology, Information Technology PolicyPro, laptop, mobile devices, mobile workforce, network connections, overtime pay, personal devices, rogue apps, tablet computer, tech support, training, wireless, work documents, workplace policies
January 9, 2013 Occasional Contributors Corporate Governance, Finance and Accounting, IT, Privacy and Security, Not for Profit, Sales, Marketing and Operations
Since well before Information Technology PolicyPro was first published, and for good reasons considering the technologies available at the time, it made sense to restrict devices connected to the corporate network to those owned and controlled by the enterprise and configured by IT. This is no longer the case.
Android, application installation controls, applications, Blackberry, Bring-your-own-device, business purposes, BYOD, BYOD is all about employees using their own preferred equipment at work, BYOD-enabled device, corporate executives and marketing, corporate network, corporate networks, costs of implementation, digital devices, digital equipment, email workstations, employee’s personal device, Employment, employment law, hrlaw, Information Technology PolicyPro, internet access, internet tablets, iPad, iPhone, ITPP, laptops, locking or wiping a device, maintenance costs, mapping of policies, mobile telephones, monitoring and supporting devices, operating systems, personal portable digital devices, PlayBook, policies and procedures, policy setting, purchased for personal, security risks, smartphones, tangible and intangible benefits, various policies, WiFi access, workforce’s business and personal life, Workplace
December 3, 2012 Ron Richard Corporate Governance, Finance and Accounting, IT, Privacy and Security, Sales, Marketing and Operations
With an overabundance of information being stored or created in electronic format, and various tools for turning data (e.g., personally identifiable information, intellectual property, credit card data) into cash, goods, and other services, the risks of doing business have increased. We are hearing more and more about attacks where the target is sensitive data, and the perpetrators are those with elevated levels of trust and access within the business.
best practices, Camouflage Software Inc., data masking, data protection, electronic format, encryption, Gartner, hackers, Information Technology PolicyPro, insider threat, insider threats, IT projects, Kevin Duggan, NIST, NL Government OCIO, Plato Consulting, Ponemon Institute, Protecting sensitive data, risk management, risks of doing business, SearchSecurity, software development, testing, trust and access
November 19, 2012 Jeffrey Sherman Corporate Governance, IT, Privacy and Security
CobiT 5 was released in 2012. It takes a higher-level governance approach, focusing on stakeholders and their needs. It incorporates the internal control focus of earlier versions of CobiT but goes beyond them.
Alignment of IT and business strategy, and monitor, balanced scorecard, business, COBIT, Control Objectives for Information and Related Technology, direct, domain, Evaluate, information technology, Information Technology PolicyPro, Internal Controls, internal processes, IT control model, IT-related goals, ITPP, manage IT risks, management of enterprise information technology, risk assessment, risk identification, technology
October 25, 2011 Adam Gorley Announcements and Administration, Finance and Accounting, IT, Privacy and Security, Not for Profit
Jeffrey D. Sherman is the lead author of all four volumes of First Reference’s Internal Controls Library: Finance and Accounting PolicyPro (including Operations and Marketing PolicyPro), Information Technology PolicyPro and Not-for-Profit PolicyPro. While we knew our internal control publications were in good hands before, we don’t mind saying we’re especially proud to have Jeffrey’s name on them now.
fapp, FCA, Fellowship of the Institute of Chartered Accountants of Ontario, Finance and Accounting PolicyPro, ICAO, Information Technology PolicyPro, Institute of Chartered Accountants of Ontario, ITPP, Jeffrey Sherman, not-for-profit policypro, NPPP, OMPP, Operations and Marketing PolicyPro
September 6, 2011 Adam Gorley Corporate Governance, Finance and Accounting, IT, Privacy and Security, Sales, Marketing and Operations
There are a number of potentially troublesome issues associated with retaining records. For example: there are storage and privacy concerns; organizations must ensure they keep records secure in accordance with relevant privacy laws. At the same time, organizations might not have considered the self-incriminating information that records might hold, and they will want to ensure they don’t keep potentially incriminating records any longer than the law requires.
audit, document destruction, document management, document retention, evidence, fapp, Finance and Accounting PolicyPro, Information Technology PolicyPro, ITPP, Personal Information Protection and Electronic Documents Act, PIPEDA, records management, self-incrimination
August 2, 2011 Adam Gorley Finance and Accounting, IT, Privacy and Security, Sales, Marketing and Operations
Surely you’ve heard about the major security and data breaches that Sony has experienced this year. It’s bad. It’s a liability. Despite the popularity of their online services, they’ll have to work hard to regain customers’ loyalty. Other big names have experienced similar attacks.
attack, classified information, credit card data, cyber-thieves, Data breach, fapp, Finance and Accounting PolicyPro, hackers, hacking, Information Technology PolicyPro, ITPP, loyalty, Network Security, online security, privacy, proprietary information, risk management, SMBs, Sony, Symantec
July 25, 2011 Adam Gorley Corporate Governance, Finance and Accounting, Not for Profit
Charity and non-profit lawyer Mark Blumberg offers a compliance checklist for Canadian charities via the GlobalPhilanthropy.ca charity assistance project.
charity, compliance, disbursement quota, donation receipts, ensuring correct information, fapp, Finance and Accounting PolicyPro, fundraising, GlobalPhilanthropy.ca, Information Technology PolicyPro, ITPP, maintaining legal status, Mark Blumberg, non-charitable activities, non-qualified donees, not-for-profit governance, not-for-profit policypro, NPPP, registered charity, religious school tuition, risk management, T3010, tax shelters
June 16, 2011 Adam Gorley Corporate Governance, Finance and Accounting, IT, Privacy and Security, Sales, Marketing and Operations
No doubt you’ve heard that a chain is only as strong as its weakest link. In the world of electronic funds transfers, this maxim holds doubly true. It applies to security systems and the networks they run on (including the Internet) as well as the users of those systems and networks. A security system can only defend a network if it offers sufficient coverage and controls. Absent such controls, users can, intentionally or accidentally, access, change or steal data that they are not authorized to see.
chip card, credit card, debit card, EFT, electronic funds transfers, fapp, Finance and Accounting PolicyPro, forging, identification, Information Technology PolicyPro, ITPP, paper transactions, PIN, signature, theft, transaction controls
March 28, 2011 Adam Gorley IT, Privacy and Security, Sales, Marketing and Operations
Mobility is not just about technology anymore. However, chances are high that IT, specifically the CIO, will be responsible for any mobile initiatives within the company. So, CIOs need to take a broad view of mobility and understand the effect this technology will have on departments such as HR, sales, marketing, legal, security and facilities, as well as IT.
Blackberry era, chief information officer, CIO, flexible work arrangements, information technology, Information Technology PolicyPro, information technology strategy, iPhone, IT, IT strategy, ITPP, mobile workforce, mobility, smartphones, telecommuting
March 21, 2011 Adam Gorley IT, Privacy and Security, Sales, Marketing and Operations
How often do you think about malware? Do you consider it a threat to your operations? Do you have a strategy to prevent malware attacks and deal with them if they do occur? Is your strategy up to date?
email, information technology, Information Technology PolicyPro, Internet Security, IT, ITPP, malware, risk, security, social media, spyware