Use of UniDesk Code of Practice
|
|
- Winfred Fields
- 8 years ago
- Views:
Transcription
1 Use of UniDesk Code of Practice Introduction This code of practice outlines the support mechanisms in place for the security of the UniDesk service. References are made to Exchange, EASE, Shibboleth, Identity Management (IDM) and the bulk mail relays. This code of practice is intended to support the Information Security Policy of the University and should be read in conjunction with this document. This code of practice is also qualified by The University of Edinburgh computing regulations, found at: Code of Practice Version Revision Date CoP Template Author Notes Version Version 28/03/ st Draft 1.4 Matt Beilby 1 st Draft 03/04/ Alex Carter Review 17/09/ Matt Beilby Review QA Date QA Process Notes 10 Sep 2014 IT Security WP Suggested date for Revision of the CoP Author 01/11/2015 Matt Beilby UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
2 2. System description Revision Date System Author Notes Version 28/03/ Matt Beilby 1 st Draft 17/09/ Matt Beilby Revision _._/_._/ <......> <......> <......> 2.1 System name UniDesk 2.2 Description of system UniDesk is a web based, cross platform service improvement solution, with modules for Incident, Problem and Change Management, as well as a Configuration Management database. UniDesk is a shared service provided by and for the UniDesk partnership, comprising the Universities of Edinburgh, St. Andrews, Abertay Dundee, and is provided as SAAS to member institutions, who currently include Sheffield Hallam University and the University of Ulster. Although based on shared infrastructure each institution has a separate application layer and database, protected by their local Shibboleth Identity Provider (IdP). 2.3 Data End User Data includes: Name, College/Support Group, School/Division, Type of User (inc Online Distance), UUN, Address, Employee number or matric number and library card number. Also, where available (generally where set manually): Preferred contact method, location, telephone number. Operator Data includes: Name, College/Support Group, School/Division, Type of User, UUN, Address, Operator Group(s), Task settings. Also, where available: Telephone number, Location Data is also held on other Systems and Hardware in the Configuration Management database. UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
3 2.4 Components Core system: Application layer, (inc. TOPdesk software, Apache, Shibboleth, and bespoke pieces) Database layer (mirrored) Dependencies for all systems: Virtualised infrastructure, Network, Bulkmail relay Dependencies for Edinburgh Environment: idp for Shibboleth EASE single sign on Exchange IDM system Telephones database External Dependencies for partner/member systems: Local idp service, Local IMAP mail service Local single sign-on Nightly data feed, pushed to Edinburgh. 2.5 System owner The system owner is IS Applications Service Management. 2.6 User base As operators, potentially all members (and some visitors) of the Universities of Edinburgh, St. Andrews, Abertay Dundee, Sheffield Hallam and Ulster, in their respective environments. End users serviced using UniDesk could include not only staff, students, visitors but also applicants and alumni or any other parties serviced by Operators using UniDesk 2.7 Criticality The UniDesk service is considered to be a Priority 2 service, occupying a priority space just below critical services. 2.8 Disaster recovery status DR procedure is available at UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
4 Terminology 3. User responsibilities Users are all members of the University community and external contacts who receive support via UniDesk Operators are staff members responsible for providing support to users who have all the responsibilities of users as well as those identified for operators alone 3.1 Data Users are required to protect their password to access the system which is provided by each institution s single sign on system. 3.2 Usernames and passwords They are also governed by the computing regulations and applicable law to ensure that data protection principals are adhered to when exporting or forwarding personal data via , or any other applicable method. Operators are responsible for the contents of memo fields in Incidents, which in most cases are by default visible to end users via Self Service and to other operators, except for certain operator groups whose incidents are classified as confidential to the caller. Procedures are in place for removing sensitive information from the UniDesk service, where it has been entered in error. UniDesk uses Shibboleth for authentication for both users and operators, tying into a local single sign on service. At Edinburgh, the single sign on service is EASE. The provision of EASE passwords is described in the EASE security code of practice. 3.3 Physical security Users are expected to maintain security practices consistent with other single sign on services, keeping PCs and physical spaces locked, or by logging out before going away. 3.4 Remote/mobile working Users may access UniDesk via certain mobile devices or via the web from any Internet connected device with a supported browser setup. If accessing via the web, users should ensure that they logout properly at the end of their session. This is especially important if using a system in a public place such as an Internet cafe. If accessing via a mobile device then they should ensure appropriate physical security of their mobile device, which may include configuring a device level passcode. If accessing from a user's own PC then appropriate virus protection software should be used to protect against viruses and Trojans such as key loggers. UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
5 3.5 Downloads and removal of data from premises 3.6 Authorisation and access control There are no controls to prevent people from removing data from the premises since the data is available externally. The system holds support data which is generally open within the confines of the appropriate University support community. However information about users is also held, and Operators should take care when dealing with personal data that would be covered by applicable data protection law. See also the University's Policy on the Storage, Transmission and Use of Personal Data and Sensitive Business Information Outwith the University Computing Environment. All users with a full EASE account should be able to check their own incidents in Self Service (other institutions than Edinburgh will have their own policies on Self Service). At Edinburgh, Operator Groups are maintained and created centrally within Information Services. New Operators are intended to be created and managed by a devolved administrative role, called Team Admin. These are not full administrator accounts. Typically there is one such Team Admin per Operator Group. For the Edinburgh environment only IS Staff are permitted administrator privileges in order to support users accordingly. Administrator access may in some cases be granted to key contacts at other institutions for their own environments only. Further administrative access to those environments is effectively devolved to those key contacts. A local administration role has been developed to assist with further devolvement, but its use is currently discretionary to those key contacts. Operators at the University of Edinburgh must abide by university regulations when handling users accounts and data. 3.7 Competencies All users should have an understanding of their responsibilities as set out in the computing regulations. Operators should further have an understanding of any UniDesk processes which apply to them, such as Incident, Problem or Change Management. Help and guidance information is available online, and on-demand training sessions can be arranged via User Services Division, where there is sufficient interest. UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
6 4. System Owner Responsibilities 4.1 Competencies Systems staff in IS Applications along with our infrastructure and network providers in ITI are all skilled and trained technically to support the security of the UniDesk service. As well as traditional server management, staff require a good working knowledge of the processes relating to use of UniDesk 4.2 Operations Schedules are in place for regular patches to operating systems and server software. These are detailed on the IS Intranet. Security patches are prioritised as required for components such as Shibboleth. 4.3 System documentation 4.4 Segregation of Duties Systems documentation along with service level procedures are located in the collaborative tools section of the IS wiki (Insite) which is accessible to appropriate staff at all UniDesk institutions. Service level documentation and Self-help guidance for all users is published on the IS website, and at the Using UniDesk wiki. Service level documentation is owned and maintained by IS Service Management. User help topics are owned and maintained by IS User Services. Additional internal user support documentation may be located on the User Services knowledge base. Access to this is controlled by IS User Services IS Technical and Support staff have administrator privileges on the system as described in 3.6 above. IS Applications Service Management permit administrator Operator access to the web interface as required, with appropriate authorisation. Technology Management internally manage Administrator Console access for the production services and access to this would be granted only by senior IS staff approval (such as to Development teams during project work). All users login to the system via Shibboleth, which at Edinburgh is authenticated via EASE. At other institutions, other single sign on services are used. 4.5 Security incidents Security incidents are raised with IS IRT team to take the appropriate action, with support from other IS areas as required. Incidents raised with IS IRT are not accessible to other operators. UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
7 4.6 Fault/problem reporting 4.7 Systems development Faults and problems should be reported to the IS Helpline who would then escalate to 2nd and 3rd line support if necessary. IS Helpline have established support procedures in place, to continue providing support in the event that UniDesk is itself unavailable. Key contacts at other institutions may contact 2 nd line directly, though they are encouraged to go via the IS Helpline. Additionally, there is some server side monitoring which may help to proactively identify issues. Changes to the UniDesk service are managed by a Change Advisory Board containing representation from all institutions. Smaller developments (i.e days effort) such as service improvements are prioritised and managed through service calls between IS teams and the business accordingly. All planned changes are communicated, recorded, and any known user impact is published to IS alerts. Larger developments (10 days or more effort) are managed through a project cycle (following IS Applications methodology). A range of online project tools and templates provide a framework for managing new developments. All work is quality checked by project stakeholders at key stages of the project. Changes being applied to the UniDesk system, other than standard changes, are tested in a test environment before being deployed onto the live systems. UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
8 5. System Management 5.1 User account management End user (Self Service) accounts are driven by automated data feed (at Edinburgh from the IDMS) including creation and archiving old accounts. Operator accounts are created manually, and archived manually. At Edinburgh, permissions to do this are intended to be devolved to each individual Operator Group using the Team Admin role. At other institutions, centralised local administrators are able to manage Operators and Groups. 5.2 Access control Admin level access is granted following a manual process as described in 3.6 and again in 4.4 above. End users entitled to use Self Service are granted user level access to their own accounts automatically. Operator level users are managed by Team Admins at Edinburgh, and by local administrators at other institutions. 5.3 Access monitoring There is auditing on most changes saved to UniDesk. Access is controlled as above, but not directly audited. 5.4 Change control UniDesk has change processes documented on the IS Intranet: 5.5 Systems clock synchronisation 5.6 Network management 5.7 Business continuity +and+change+process System clock is set at the server level, and is synchronised to UTC. All network activities are carried out by ITI Communications Infrastructure. Refer to the code of practice for University network systems. Special routing for mail relays is arranged in conjunction with ITI UNIX for external institutions. UniDesk is a priority 2 application. IS Applications will therefore recover service within its defined protocols. The full infrastructure is mirrored, including databases. There is a manual failover arrangement. 5.8 Security Control Access is via https, incoming IMAP mail connections use SSL UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
9 6. Third Party 6.1 Outsourcing There is no outsourcing of responsibility for hosting, running or maintaining of the UniDesk service, other than as may be defined by dependent services, and which would be subject to relevant regulations and codes of practice. 6.2 Contracts and Agreements 6.3 Compliance with the university security policy UniDesk is provided to several members and partners by University of Edinburgh. Service levels are set in Service Level Agreements, which are stored on the IS intranet. UniDesk as provided to external organisations does not contain Edinburgh University data. Where external parties may be granted Operator level access to the live Edinburgh environment, this will be subject to agreement including computing regulations. User level access may technically be available to users not currently members of Edinburgh University, such as Applicants, Alumni and some Visitors. However, user level access is to own incidents only, and subject to computing regulations. 6.4 Personal data Edinburgh University data is not expected to be made available to third parties, other than as described above. If this were to be required it would be arranged to comply with University governance and Policies. UniDesk CoP v1.1 03/04/2013 based on Template, Version Jun
Use of Exchange Mail and Diary Service Code of Practice
Use of Exchange Mail and Diary Service Code of Practice Introduction This code of practice outlines the support mechanisms in place for the security of the Exchange mail and diary service. References are
More informationUse of (Central) Load Balancers Code of Practice
Use of (Central) Load Balancers Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be read in conjunction with this
More informationUse of (Central) Load Balancers Code of Practice
Use of (Central) Load Balancers Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be read in conjunction with this
More informationUse of Checkpoint Firewall Code of Practice. This code of practice is also qualified by The University of Edinburgh computing regulations, found at:
Use of Checkpoint Firewall Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be read in conjunction with this document.
More informationUse of EASE Code of Practice. This code of practice is also qualified by The University of Edinburgh computing regulations, found at:
Use of EASE Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be read in conjunction with this document. http://www.ed.ac.uk/schools-departments/information-services/about/policiesandregulations/security-policies/security-policy
More informationCoP Template, Version 1.4 20 Jun 2011 1
Use of IDM Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be read in conjunction with this document. http://www.ed.ac.uk/schools-departments/information-services/about/policiesandregulations/security-policies/security-policy
More informationUse of The Information Services Active Directory Service (AD) Code of Practice
Use of The Information Services Active Directory Service (AD) Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be
More informationUse of The Information Services Electronic Journals Service Code of Practice
Use of The Information Services Electronic Journals Service Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be read
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationSECURITY DOCUMENT. BetterTranslationTechnology
SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of
More informationCall Management System (CMS) Functional Specification
Call Management System (CMS) Functional Specification CMS Terminology Some of the terminology used in the context of the CMS may differ from that of common ITIL terminology, see below for definitions of
More informationPrivate Runtime Environment
Private Runtime Environment 1. Principles A Private Runtime Environment (PRE) is an environment which enables Contractors to locate their resources in a segregated environment within premises provided
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationAudit and Risk Management Committee. IT Security Update
Audit and Risk Management Committee 26 th February 2015 IT Security Update Description of paper 1. The purpose of this paper is to update the Committee on current security issues and what steps are being
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationService Desk as a Service
Service Desk on Command A Steria Cloud Services Offering Service Name Service Desk on Command Service Desk as a Service Type of Service: IaaS PaaS SaaS Specialist Services Deployment Model: Public Private
More informationDraft Information Technology Policy
Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationAuthentication and Single Sign On
Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationHydrant E-Learning Management System (HELMS)
Hydrant E-Learning Management System (HELMS) service definition v6.1 Page 1 Service overview Hydrant offer an e-learning Management System (HELMS) on which a variety of e-learning solutions can be built
More informationIDENTITY MANAGEMENT ROLLOUT: IN A HURRY. Jason Blackader, UNIX Systems Administrator
IDENTITY MANAGEMENT ROLLOUT: IN A HURRY Jason Blackader, UNIX Systems Administrator Undergraduate, Graduate, Continuing Ed Industrial Design, Communication Design, Design Sciences, Arts & Media Two Campuses
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationPREMIUM MAIL ADMINISTRATOR GUIDE
PREMIUM MAIL ADMINISTRATOR GUIDE WHO THIS USER GUIDE IS FOR This document is for the: Administrator of the BigPond Premium Mail service. Users who have purchased the Solo Manager or a Solo Manager Plus
More informationG-Cloud Managed Exchange SaaS. Service Description
G-Cloud Managed Exchange SaaS Service Description Version No: 5.0g Date: 08/04/2014 Table of Contents FEATURES... 3 OPTIONAL FEATURES... 4 BENEFITS... 4 CONNECTED SERVICES... 4 SERVICE REQUIREMENTS...
More informationSecure Data Hosting. Your data is our top priority.
Secure Data Hosting Your data is our top priority. ESO s world-class security infrastructure is designed to provide data redundancy, security and availability while keeping sensitive HIPAA and PHI information
More information#define. What is #define
#define What is #define #define is CGI s production system for Application Management and Development, offered in the context of software as a service. It is a project management tool, configuration management
More informationTable of Contents. Page 1 of 6 (Last updated 30 July 2015)
Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational
More informationSTANDARD ON LOGGING AND MONITORING
EUROPEAN COMMISSION DIRECTORATE-GENERAL HUMAN RESOURCES AND SECURITY Directorate DS - Security Coordination and Informatics Security Brussels, 27/09/2010 HR.DS5 ARES (2010) 630327 SEC20.10.05/04 - Standards
More informationHIPAA Security Rule Compliance and Health Care Information Protection
HIPAA Security Rule Compliance and Health Care Information Protection How SEA s Solution Suite Ensures HIPAA Security Rule Compliance Legal Notice: This document reflects the understanding of Software
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationSupportDesk Extensions Installation Guide Extension Service - Versions 6.9 8.5
SupportDesk Extensions Installation Guide Extension Service - Versions 6.9 8.5 Richmond Systems Ltd, West House, West Street, Haslemere, Surrey, GU27 2AB Tel: +44 (0)1428 641616 - Fax: +44 (0)1428 641717
More informationAlwaysMail. Sector 5. Cloud E-Mail
AlwaysMail Sector 5 Cloud E-Mail INDEX INDEX 2 SECTOR 5 COMPANY PROFILE 3 Background Company Name & Address 3 1. SECTOR 5 HOSTED E-MAIL OFFERING 4 2. MICROSOFT HOSTED EXCHANGE 5 3. HOW WE MIGRATE COMPANIES?
More informationMicrosoft Windows Client Security Policy. Version 2.1 POL 033
Microsoft Windows Client Security Policy Version 2.1 POL 033 Ownership Policy Owner: Information Security Manager Revision History Next Review Date: 2 nd April 2015 Approvals This document requires the
More informationPREMIUM MAIL USER GUIDE
PREMIUM MAIL USER GUIDE WHO THIS USER GUIDE IS FOR This document is for users of BigPond Premium Mail. It describes the features of BigPond Premium Mail from a user s perspective. It contains: A general
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationSHARPCLOUD SECURITY STATEMENT
SHARPCLOUD SECURITY STATEMENT Summary Provides details of the SharpCloud Security Architecture Authors: Russell Johnson and Andrew Sinclair v1.8 (December 2014) Contents Overview... 2 1. The SharpCloud
More informationSecurity FAQs (Frequently Asked Questions) for Xerox Remote Print Services
Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services February 30, 2012 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation
More informationActive Directory Requirements and Setup
Active Directory Requirements and Setup The information contained in this document has been written for use by Soutron staff, clients, and prospective clients. Soutron reserves the right to change the
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationUDiMan. Introduction. Benefits: Name: UDiMan Identity Management service. Service Type: Software as a Service (SaaS Lot 3)
UDiMan Name: UDiMan Identity Management service Service Type: Software as a Service (SaaS Lot 3) Introduction UDiMan is an Enterprise Identity Management solution supporting mission critical authentication
More informationISO 27001 COMPLIANCE WITH OBSERVEIT
ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationUniversity of Edinburgh. Performance audit. Date: 01-07-2015. Niels van Klaveren Kasper van der Leeden Yvette Vermeer
University of Edinburgh Performance audit Date: 01-07-2015 By: Niels van Klaveren Kasper van der Leeden Yvette Vermeer Contents Summary... 3 Background... 4 Why... 4 Who... 4 When... 4 What... 4 How...
More informationSmart Business Architecture for Midsize Networks Network Management Deployment Guide
Smart Business Architecture for Midsize Networks Network Management Deployment Guide Introduction: Smart Business Architecture for Mid-sized Networks, Network Management Deployment Guide With the Smart
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationBusiness process efficiency is improved with task management, alerts, notifications and automated process workflows.
UNCLASSIFIED 23/02/2015 v3.3 Cobweb Hosted SharePoint 3.0 Service Description Cobweb Hosted SharePoint is a web-based document collaboration tool that helps you maximise productivity in a truly flexible,
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Contact name Contact email Contact
More informationMAXIMUM DATA SECURITY with ideals TM Virtual Data Room
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationIntroduction. PCI DSS Overview
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
More informationExternal Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210
More informationCORISECIO. Quick Installation Guide Open XML Gateway
Quick Installation Guide Open XML Gateway Content 1 FIRST STEPS... 3 2 INSTALLATION... 3 3 ADMINCONSOLE... 4 3.1 Initial Login... 4 3.1.1 Derby Configuration... 5 3.1.2 Password Change... 6 3.2 Logout...
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationEmpLive Technical Overview
Version 1.6 Updated 27/08/2015 Support: +61 2 8399 1688 Email: support@wfsaustralia.com Website: wfsaustralia.com Legal Notice Copyright WFS: A WorkForce Software Company. All Rights Reserved. By receiving
More informationProtect Everything: Networks, Applications and Cloud Services
Protect Everything: Networks, Applications and Cloud Services Tokens & Users Cloud Applications Private Networks Corporate Network API LDAP / Active Directory SAML RADIUS Corporate Network LDAP / Active
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationVersion: 2.0. Effective From: 28/11/2014
Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director
More informationOPTAC Fleet Viewer. Instruction Manual
OPTAC Fleet Viewer Instruction Manual Stoneridge Limited Claverhouse Industrial Park Dundee DD4 9UB Help-line Telephone Number: 0870 887 9256 E-Mail: optac@stoneridge.com Document version 4.0 Part Number:
More informationHP IMC Firewall Manager
HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this
More informationITAR Compliant Data Exchange
ITAR Compliant Data Exchange Managing ITAR Data Across Collaborative Project Teams WebSpace Customers Aerospace & Defense Manufacturing High Tech & Contract Manufacturing Automotive Manufacturing Medical/
More informationInformation Technology Internal Controls Part 2
IT Controls Webinar Series Information Technology Internal Controls Part 2 Presented by the Arizona Office of the Auditor General October 23, 2014 Part I Overview of IT Controls and Best Practices Part
More informationSETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR.
SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR. 1. Setting up your network to allow incoming connections on ports used by Eyemax system. Default ports used by Eyemax system are: range of ports 9091~9115
More informationData Execution Prevention DEP should NOT be turned on for all programs as this can cause access violations when running EXO
RE: IT Requirements for Momentum and MYOB EXO Software The purpose of this document is to provide important information about the IT environment and deployment of MYOB EXO Software. We hope this document
More informationInsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?
What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationIntroducing the FirePass and Microsoft Exchange Server configuration
Deployment Guide Deploying Microsoft Exchange Server/Outlook Web Access and F5 s FirePass Controller Introducing the FirePass and Microsoft Exchange Server configuration Welcome to the FirePass Exchange
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationIBM Security QRadar SIEM Version 7.1.0 MR1. Administration Guide
IBM Security QRadar SIEM Version 7..0 MR Administration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 07. Copyright
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationFollow these steps to configure Outlook Express to access your Staffmail email account:
Windows Instructions (This documentation is based on Outlook Express version 6). Outlook Express is no longer a recommended email client as it can cause unnecessary network traffic and server overload.
More informationIntroduction to the Mobile Access Gateway
Introduction to the Mobile Access Gateway This document provides an overview of the AirWatch Mobile Access Gateway (MAG) architecture and security and explains how to enable MAG functionality in the AirWatch
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationWhite Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements
White Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements The benefits of QRadar for protective monitoring of government systems as required by the UK Government Connect
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationNERC CIP Whitepaper How Endian Solutions Can Help With Compliance
NERC CIP Whitepaper How Endian Solutions Can Help With Compliance Introduction Critical infrastructure is the backbone of any nations fundamental economic and societal well being. Like any business, in
More informationThe University of Information Technology Management System
IT Monitoring Code of Practice 1.4 University of Ulster Code of Practice Cover Sheet Document Title IT Monitoring Code of Practice 1.4 Custodian Approving Committee Deputy Director of Finance and Information
More informationSERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES
SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES This Product Schedule Terms & Conditions is incorporated into a Services Agreement also comprising the General Terms and Conditions which the Customer
More informationArchitecture, Implementations, Integrations, and Technical Overview
Architecture, Implementations, Integrations, and Technical Overview Introduction System Architecture & Infrastructure Implementation Parent Portal Medical Center Strategy Integrations SIS Immunization
More informationMicrosoft Outlook Web Access 2013 Authenticating Users Using SecurAccess Server by SecurEnvoy
Microsoft Outlook Web Access 2013 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale Reading RG7
More informationGuardian365. Managed IT Support Services Suite
Guardian365 Managed IT Support Services Suite What will you get from us? Award Winning Team Deloitte Best Managed Company in 2015. Ranked in the Top 3 globally for Best Managed Service Desk by the Service
More informationManaging internet security
Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further
More informationLibrary Systems Security: On Premises & Off Premises
Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information
More informationBlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationExternal Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010
More informationAlliance Key Manager A Solution Brief for Technical Implementers
KEY MANAGEMENT Alliance Key Manager A Solution Brief for Technical Implementers Abstract This paper is designed to help technical managers, product managers, and developers understand how Alliance Key
More informationAbout Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack
Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer
More informationHow to complete the Secure Internet Site Declaration (SISD) form
1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,
More informationFederated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications
Federated Identity Management and Shibboleth Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management Management of digital identity/credentials (username/password) Access
More informationCERN Single Sign On solution
CERN Single Sign On solution Emmanuel Ormancey System Architect, CERN IT/IS CERN, Route de Meyrin, CH-1211 Geneva 23, Switzerland E-mail: Emmanuel.Ormancey@cern.ch Abstract. The need for Single Sign On
More information