tag:blogger.com,1999:blog-1825174670364307543Sat, 20 Sep 2008 21:34:23 +0000http://www.airlinetechnology.net/solutions_blog.htmtm@airlinetechnology.net (Tim Moreton)Blogger2125tag:blogger.com,1999:blog-1825174670364307543.post-6465484948790304886Wed, 17 Sep 2008 01:35:00 +00002008-09-16T19:45:50.340-07:00As an airline industry IT consultant I have had the opportunity to use two highly effective resources to help simplify and put structure around IT Governance documentation.<br /><br />1. IT Governance Ltd. in the UK. http://www.itgovernance.co.uk<br /><br />They use ISO standards 27001 and 27002 as the framework for a comprehensive Information Security Management System. They deliver toolkits with easy to follow instructions and pre-written templates to help you produce documentation for your Information Security Manual and the following IT control areas: <br /><br />Risk Assessment<br />Security Policy<br />Asset Management<br />Human Resources Security<br />Physical and Environmental Security<br />Communications and Operations Management<br />Access control<br />Information Systems Acquisition, Development and Maintenance<br />Information Security Incident Management and,<br />Business Continuity Management<br />Compliance<br /><br />IT Governance Ltd "gets it". Their toolkits are all you really need to produce documentation that upholds the integrity of ISO and puts you in an audit-ready position for SOX and PCI compliance. <br /><br /><br />2. Unified Compliance Framework http://www.unifiedcompliance.com/<br /><br />UCF unravels and cross-references the entire spectrum of controls needed for regulatory compliance. They track and reference dozens of authority documents including those for: Sarbanes Oxley, Banking and Finance, Healthcare and Life Science, Energy, Payment Card, US Federal Security, Records Management and more. The Unified Compliance Framework reduces the regulatory tornado to a much smaller set of harmonized controls, giving you a single point of control over hundreds of complex compliance requirements from around the world. Meeting your compliance requirements has never been this straightforward.<br /><br />They publish "Say What You Do", a book that is a technical writer's manual and reference guide to building a framework of IT controls, policies, standards and procedures.<br /><br /><br />With the above two resources, a small team of technical writing consultants can create new documentation or modify existing documentation to satisfy your internal and external compliance requirements. The main benefits from using these tools are: reduction in project and ongoing costs, faster time to deliver and less drain on internal resources. <br /><br />There you go - IT Governance documentation simplified.http://www.airlinetechnology.net/2008/09/solutions.htmltm@airlinetechnology.net (Tim Moreton)tag:blogger.com,1999:blog-1825174670364307543.post-7312402008104030260Wed, 17 Sep 2008 01:32:00 +00002008-09-16T18:33:29.245-07:00Welcome to the airlinetechnology.net Solutions blog!http://www.airlinetechnology.net/2008/09/welcome.htmltm@airlinetechnology.net (Tim Moreton)