Information Technology Infrastructure, Strategy, & Charter
E-mail: support@e-janco.com
http://www.e-janco.com
February 2008
All Rights Reserved. No part of this book may be reproduced by any means without the prior written
permission of the publisher. No reproduction or derivation of this book shall be re-sold or given away
without royalties being paid to the authors. All other publisher's rights under the copyright laws will be
strictly enforced.
435 940-9300
e-mail - support@e-janco.com
Publisher cannot in any way guarantee the procedures and approaches presented in this book are being used
for the purposes intended and therefore assumes no responsibility for their proper and correct use.
Printed in the United States of America
ISBN-13: 978-1-881218-01-2
HandiGuide is a registered trademark of Janco Associates, Inc.
*** IMPORTANT ************************************************************
In order to get support you MUST register your product by going to
http://www.e-janco.com/register.asp
If your product is not registered you will have to pay for support via
a credit card (MasterCard, Visa, or American Express). Please have
your credit card ready prior to calling.
**************************************************************************
Both of these documents are the same, but we have provided them in both formats for your use. If you have any
questions on these documents, please send an email to support@e-janco.com and reference your order
number.
Telephone support can be obtained if you have registered your product by going to
http://www.e-janco.com/register.asp
If you register your product within thirty (30) days of purchase and follow the instructions provided Janco
will send you a coupon for 10% off on your next purchase from any of Janco's direct sites.
These include:
1. http://www.e-janco.com
2. http://www.itproductivity.org
3. http://www.ejobdescription.com
4. http://www.it-toolkits.com
This template was created in Microsoft Word, and the exhibits were created in Visio. You
need Microsoft Word to modify the text and Visio to modify the exhibits.
The steps that you should follow to use this template are:
1. Make the original version of the document a read-only file and restrict access to it.
2. Save a copy of the Word template with a new name in a place where you can access
it without altering the original.
3. Using Microsoft Word's Edit > Replace functionality, replace:
Mandatory
[Enterprise] with your enterprise's name
Optional
IT Management Council with the name of your priority and
resource-setting group, e.g. Steering Committee.
Chief Information Officer with Chief Technology Officer
CIO with CTO (make sure that you tag this as case sensitive)
IT with IS (make sure that you tag this as case sensitive)
4. Customize your headers and footers. Somewhere within the document, note that this
charter was generated from one of our copyrighted templates.
5. Delete this page.
6. Go to the table of contents, right-click on any part of the table of contents, and
select the option to replace the Table of Contents; a new Table of Contents will be generated.
7. Save the document with a name (e.g. Strategy001.doc). Increment the number
each time that you save the document, and you will have back-ups of your
Charter that you can refer to as you customize it to meet your needs.
© 2008 Copyright Janco Associates, Inc. - ALL RIGHTS RESERVED Page iii
This is a sample of the final product. These pages are for your review only and are protected by Janco's copyright.
PAGES HAVE BEEN EXCLUDED
Table of Contents
Planning the Audit  102
HIPAA Audit Scope  104
  Audit Objectives  104
    Objective 1  104
    Objective 2  104
    Objective 3  104
  Audit Wrap Up  105
ISO 27001 & 27002 Security Process Audit Checklist  106
  Security Policy Management Objectives  106
  Corporate Security Management Objectives  107
  Organizational Asset Management Objectives  109
  Human Resource Security Management Objectives  110
  Physical and Environmental Security Management Objectives  112
  Communications and Operations Management Objectives  113
  Information Access Control Management Objectives  116
  Systems Development and Maintenance Objectives  119
  Information Security Incident Management Objectives  121
  DRP and Business Continuity Management Objectives  122
  Compliance Management Objectives  124
  Control and Security Objectives  125
What's New  126
  Version 2.1 February 2008  126
  Version 2.0 February 2007  126
Background
Health care providers, health plans, and health care clearinghouses (the HIPAA "covered
entities"), together with their business associates, are required to comply with the
Health Insurance Portability and Accountability Act (HIPAA).
HIPAA was created to improve the efficiency and effectiveness of the
health care system through the development of national standards for
electronic health care transactions.
Appendix
ISO 27001 & 27002 Security Process Audit Checklist
Appendix
What's New