EA-POL-015 Enterprise Architecture - Encryption Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "EA-POL-015 Enterprise Architecture - Encryption Policy"

Transcription

1 Technlgy & Infrmatin Services EA-POL-015 Enterprise ure - Encryptin Plicy Authr: Craig Duglas Date: 17 March 2015 Dcument Security Level: PUBLIC Dcument Versin: 1.0 Dcument Ref: EA-POL-015 Dcument Link: cntent/uplads/sites/4/2015/03/ea-pol-015-enterprise- ure-encryptin-plicy.pdf Review Date: March 2016

2 EA-POL-015 Enterprise ure - Encryptin Plicy Purpse The purpse f this plicy is t prvide Plymuth University with guidance n the use f encryptin t prtect the Universities infrmatin resurces that cntain, prcess r transmit infrmatin classified as standard r restricted. Audience The intended audience fr this plicy are all Plymuth University emplyees, students and ther affiliated partners, including cntractrs. Scpe This plicy applies t all Plymuth University emplyees, students and ther affiliated partners, including cntractrs where they are wrking with, prcessing, string r mving University data assets. It addresses encryptin plicy and cntrls fr standard and restricted data that is at rest (including prtable devices and remvable media), data in transit (transmissin security), and encryptin key standards and management. Plicy Encryptin Strength Plymuth University will use FIPS validated technlgies (e.g. Advanced Encryptin Standard (AES), Triple Data Encryptin Standard (3DES) 1 (Triple Data Encryptin Algrithm (TDEA)), etc.) technlgies fr encrypting infrmatin classified as standard r restricted data under the Plymuth University Data Classificatin and Management Plicy (EIM-POL-001), unless dcumented thrugh an exceptin prcess. Symmetric cryptsystem key lengths must be at least 192 bits r strnger fr bth standard and restricted data. Asymmetric cryptsystem keys must be f a length that yields equivalent strength (e.g. the US Natinal Institute fr Science and Technlgy (NIST) states that an apprximate equivalencies f 256 bit symmetric = bit asymmetric length 2 ). T cmply with this plicy: All encryptin mechanisms implemented t cmply with this plicy supprt a minimum f but nt limited t AES 192-bit encryptin. The use f prprietary encryptin algrithms are nt allwed fr any purpse, unless reviewed by qualified experts independent f the vendr in questin and apprved by the Plymuth University Enterprise Security. Plymuth University s key length requirements will be reviewed annually and upgraded as technlgy allws. Data at Rest Hard drives which d nt benefit frm full disk encryptin may have encrypted partitins, the remainder f the disk maybe be lgically separated but remain unencrypted, r may cnnect (r munt) ther unencrypted devices. This culd lead t infrmatin leakage between the secured and unsecured areas and will ptentially disclse vulnerable infrmatin if interrgated. The hard drives unencrypted aut-recvery flder may retain unencrypted versins r fragments f files that have been saved t the encrypted prtin f the disk r USB. The use f full disk encryptin avids this prblem, and is currently the nly suitable slutin apprved by Plymuth University. 1 Three 64 bit keys are used, instead f ne, fr an verall key length f 192 bits (the first encryptin is encrypted with secnd key, and the resulting cipher text is again encrypted with a third key) 2 NIST Special Publicatin Recmmendatin fr Key Management Part 1: General (Revisin 3). Barker, Barker Burr, Plk and Smid. Page 2 f 6

3 EA-POL-015 Enterprise ure - Encryptin Plicy Systems that are likely t hld infrmatin, which is classified as standard r restricted and wned r cntrlled by Plymuth University, must be prtected at rest by: Full disk encryptin Firewalls with strict auditable access cntrl that authenticates the identity f individuals accessing the data. Cmplex passwrd prtectin, as defined in Plymuth University Infrmatin Security Plicy Supprting Dcumentatin SEC-GDL-003 University Accunt Passwrds 3, shuld be used in cnjunctin with encryptin and access cntrl. Passwrd cntrl alne is nt an acceptable alternative t prtecting standard r restricted infrmatin. Backup slutins, irrespective f media and lcatin must be prtected using at least AES 192-bit algrithm based encryptin techniques. All cmputer hard drives r ther strage media that have been encrypted r nt shall be sanitised prir t resale r destructin in accrdance with the Data Destructin Plicy and assciated standard. Prtable Devices Prtable devices represent a specific categry f device that cntain data-at-rest. A large prprtin f infrmatin security incidents invlving unauthrised expsure f restricted data are as a result f lst r stlen prtable cmputing devices. The best way t prevent these incidents is t avid string standard r restricted data n such devices. Restricted data must nt be cpied r stred n a prtable r nn-university wned cmputing device. Hwever, in practice, where a secured remte cnnectin t a University device is nt suitable, the use f encryptin techniques will reduce the risk f unauthrised disclsure in the event f lss r theft. When standard r restricted data is t be stred n prtable cmputing equipment (including but nt limited t laptps, tablets, smart phnes, external hard drives, USB keys etc.): Permissin must be btained by the infrmatin wner t d s The devices in questin must be encrypted using methds and prducts apprved by Plymuth University Enterprise Security. The devices in questin, where apprpriate, must have additinal security mechanisms in place such as firewall, anti-virus/anti-malware, prper passwrd prtectin, be fully security patched fr all resident sftware and have unnecessary services and cmmunicatin prts and prtcls switched ff. Remvable media, including but nt limited t ptical disks, USB memry drives, tape etc. must be encrypted and stred in a secure lcked lcatin. Transprtatin f remvable media by a 3 rd party must be dne in a secure manner and a data handling audit trail must be recrded. Prtable media cntaining standard r restricted infrmatin must be in the pssessin f an authrised user at all times (e.g. must nt be checked in with luggage during transit). 3 University-Accunt-Passwrds.pdf Page 3 f 6

4 EA-POL-015 Enterprise ure - Encryptin Plicy The recipient f the remvable media must be identified t ensure the persn requesting the data is the ne claimed. Plymuth University will audit encrypted devices and validate implementatin f encryptin prducts at regular intervals. These devices must nt be used fr lng-term strage f such data, when the data has been prcessed it is the users respnsibility t ensure it has been deleted frm the strage media. Transmissin Security Users will fllw the Plymuth University Enterprise ure Plicy Data Transfer (EA-POL-012) when transmitting data and must take particular care when transmitting r re-transmitting restricted infrmatin. Infrmatin wned by 3 rd parties must nly be transmitted with the wners apprval and is subject t any additinal plicies they may have in place. Standard r restricted infrmatin transmitted by must be encrypted, with the apprpriate passwrd being delivered using a different medium. Standard r restricted infrmatin transmitted thrugh a public netwrk must be encrypted r transmitted thrugh an encrypted tunnel, such as a SSL r IPSec secured Virtual Private Netwrk (VPN). Transmitting unencrypted restricted infrmatin thrugh the use f web sftware is nt permitted. Sharing standard r restricted infrmatin ver Peer-t-Peer (P2P) file-sharing prgrams requires specific authrisatin in writing frm bth the University Data Prtectin Officer and Enterprise Security ; this will be reprted t the Chief Infrmatin Officer fr sign ff befre transmissin can start. Wireless transmissin (Wi-Fi) used t access Plymuth University prtable cmputing devices r internal netwrks must be encrypted using IEEE i WPA2 (AES) r better. Plymuth University permits the secure encrypted transfer f infrmatin ver the Internet using file transfer prgrams such as Secured File Transfer Prtcl (SFTP ver Secure Shell (SSH)) and Secure Cpy (SCP). Only authrised devices may perfrm the SSH/SCP peratins, these must be maintained by Technlgy and Infrmatin Systems and are fr the use f authrised users nly and are subject t the fllwing cnditins: Annymus FTP is nt permitted. Standard FTP is nt encrypted and must nt be used n any Internet facing systems r where standard r restricted data is being transmitted. All accunts and keys must be stred and managed frm within the Plymuth University netwrk All transactins and transfers must be lgged, and reviewed fr prhibited activity All files cntained within the managed system r users prfile must be deleted within seven days after they are delivered r made available fr retrieval. Encryptin Key Management Effective key management is essential fr ensuring the security and cmpliance f any encryptin system. Key management prcedures must ensure that authrised users can access and decrypt all encrypted data using cntrls that meet peratinal needs and cmply with data retentin requirements. Plymuth University key management systems will: Page 4 f 6

5 EA-POL-015 Enterprise ure - Encryptin Plicy Use prcedures that enfrce least privilege cncepts and prmte separatin f duty fr supprt persnnel. Have verifiable backup slutins fr Key passwrds, files and ther related backup cnfiguratin data Ensure keys will be transmitted securely nly when the requestr is authrised t receive them and has been identified as that individual. Adpt key management tls which are fully autmated, staff must nt have the pprtunity t expse the key r influence its creatin Make prvisin such that keys in strage and transit must themselves be encrypted. Private keys must be kept cnfidential Keys must be randmly generated using hardware based randmisatin Key used fr the encrypting f ther keys must be maintained separately frm data keys A cmplete audit trail f all key management activities must be maintained and stred securely as defined in the Recrds Retentin Data Strage Schedule. Exceptin Management Exceptins t this plicy may be granted using the Enterprise ure Waiver Prcess and will be cnsidered by the Enterprise Security n merit, risk t University classified standard r restricted infrmatin, as well as alignment with the verall security architecture. Failure t cmply with this plicy may lead t the slutin architecture being rejected during Enterprise ure review, returned fr rewrk r placed n hld. In circumstances where failure t cmply leads t a breach f infrmatin security r f significant risk f the same, disciplinary actin may be taken due t the terms f emplyment being breached. In additin, any systems cnfigured in a manner that cntravenes this plicy and ther related plicies will be disabled pending investigatin. Supprting Dcumentatin This plicy is supprted by established Enterprise ure dcuments, namely: Enterprise ure Principles - Principle 8: Data Security Security must be designed int data elements frm the beginning; it cannt be added later. Systems, data, and technlgies must be prtected frm unauthrised access and manipulatin. Vice Chancellr s Executive infrmatin must be safeguarded against inadvertent r unauthrised alteratin, sabtage, disaster, r disclsure. Enterprise ure Principles - Principle 9: Data is an Asset Accurate, timely data is critical t accurate, timely decisins. Mst crprate assets are carefully managed, and data is n exceptin. Data is the fundatin f ur decisin-making, s we must als carefully manage data t ensure that we knw where it is, can rely upn its accuracy, and can btain it when and where we need it, in ding s data assets can prvide additinal value t academic and research endeavrs. Page 5 f 6

6 EA-POL-015 Enterprise ure - Encryptin Plicy Enterprise ure Principles - Principle 10: Data is Shared Data where applicable, will be available externally t the enterprise. This will affrd bth rich service prvisin als the ability t perfrm research cllabratively with partners. Enterprise ure Principle Principle 11: Data is Accessible Wide access t data leads t efficiency and effectiveness in decisin-making, and affrds timely respnse t infrmatin requests and service delivery. Using infrmatin must be cnsidered frm an enterprise perspective t allw access by a wide variety f users. Staff time is saved and cnsistency f data is imprved. Enterprise ure Principles Principle 17: Data will be Analysable Data assets prvide invaluable infrmatin t the enterprise fr research and business intelligence decisin-making when gathered, stred and accessed crrectly. EA-POL-012 Enterprise ure Plicy Data Transfer Secure prtcls will always be used in preference ver unsecured prtcls fr data transmissin. If n secured prtcl is available then a secured tunneling (IPSec r SSL VPN) technique must be utilised t prevent infrmatin being transmitted in plain sight f netwrk users. SEC-GDL-003 University Accunt Passwrds University passwrd requirements EIM-POL Data Classificatin and Management Plicy 3. Assigning classificatin levels Dcument Cntrl Versin Authr Psitin Details Date/Time Apprved by Psitin Date/Time 0.1 Craig Duglas Enterprise Initial Dcument 18 September Craig Duglas Enterprise Update fllwing EAP 13 Octber 2014 Review 0.3 Craig Duglas Enterprise Updated Template 14 January Paul Ferrier Enterprise Security 1.0 PW, AH, GB, CD, PF IT Directr, HS, EA Updated a number f links Apprved plicy 12 February March 2015 Paul Westmre IT Directr 13/03/ :25 Page 6 f 6

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

LINCOLNSHIRE POLICE Policy Document

LINCOLNSHIRE POLICE Policy Document LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

DisplayNote Technologies Limited Data Protection Policy July 2014

DisplayNote Technologies Limited Data Protection Policy July 2014 DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

Unified Infrastructure/Organization Computer System/Software Use Policy

Unified Infrastructure/Organization Computer System/Software Use Policy Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

System Business Continuity Classification

System Business Continuity Classification Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

IT Account and Access Procedure

IT Account and Access Procedure IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1

More information

New York Institute of Technology Faculty and Staff Email Retention Policy

New York Institute of Technology Faculty and Staff Email Retention Policy New Yrk Institute f Technlgy Faculty and Staff Email Retentin Plicy Nvember 2013 I. PURPOSE As electrnic mail (email) has becme the primary frm f cmmunicatin at NYIT and thrughut the wrld, the vlume f

More information

First Global Data Corp.

First Global Data Corp. First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First

More information

Corporate Credit Card Policy

Corporate Credit Card Policy Plicy N: 13 Crprate Credit Card Plicy CONTROL: Plicy Type: Authrised by: Head f Pwer: Financial Cuncil Nt Applicable Respnsible Officer: Crprate and Cmmunity Manager Respnsibilities: Review and implement

More information

Electronic and Information Resources Accessibility Compliance Plan

Electronic and Information Resources Accessibility Compliance Plan Electrnic and Infrmatin Resurces Accessibility Cmpliance Plan Intrductin The University f Nrth Texas at Dallas (UNTD) is cmmitted t prviding a wrk envirnment that affrds equal access and pprtunity t therwise

More information

AUDIT AND RISK COMMITTEE TERMS OF REFERENCE

AUDIT AND RISK COMMITTEE TERMS OF REFERENCE AUDIT AND RISK COMMITTEE TERMS OF REFERENCE 1. TITLE OF COMMITTEE Audit and Risk Cmmittee 2. ESTABLISHMENT The Audit and Risk Cmmittee is established under Part 3 Sectin 19(1) f the Charles Darwin University

More information

POLICY INTERNET - ACCEPTABLE USE

POLICY INTERNET - ACCEPTABLE USE POLICY Dc. Cde: IS I5 INTERNET - ACCEPTABLE USE Applicable t: MidCentral DHB Including MidCentral Health & Enable NZ Issued by: Infrmatin Systems Cntact: Manager Service Delivery 1. PURPOSE This plicy

More information

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...

More information

A. Early Case Assessment

A. Early Case Assessment Electrnic Discvery Reference Mdel Standards fr the identificatin f electrnically stred infrmatin in discvery http://www.edrm.net/resurces/standards/identificatin A. Early Case Assessment Once a triggering

More information

Information & Communications Technology ICT Security Compliance Guide (Student)

Information & Communications Technology ICT Security Compliance Guide (Student) Infrmatin & Cmmunicatins Technlgy ICT Security Cmpliance Guide (Student) RESTRICTED Dcument ID: ICT-SSG Versin 1.1 Effective Date 1 Nv 2011 Dcument Cntrl Revisin Histry Versin Date Descriptin Authr 1.0

More information

System Business Continuity Classification

System Business Continuity Classification System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality

More information

CPIT Aoraki ICT Asset and Media Security Standard

CPIT Aoraki ICT Asset and Media Security Standard CPIT Araki Crprate Services Divisin: ICT This security standard refers t CPIT, which is the current legal name fr the new rganisatin established 1 January 2016 bringing tgether CPIT and Araki Plytechnic.

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015

ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015 ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY Gvernrs Cmmittee: Finance and General Purpses Apprved by Gverning Bdy n: 6 th May 2015 Signed: (Chair f Cmmittee) Signed: (Headteacher) Date t be

More information

Remote Working (Policy & Procedure)

Remote Working (Policy & Procedure) Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer

More information

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH)

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) Murugiah Suppaya, Karen Scarfne, 1 and Larry Feldman, 2 Editrs Cmputer Security Divisin Infrmatin

More information

Process for Responding to Privacy Breaches

Process for Responding to Privacy Breaches Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident

More information

FAYETTEVILLE STATE UNIVERSITY

FAYETTEVILLE STATE UNIVERSITY FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network 2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

Employees - recruitment, records and monitoring

Employees - recruitment, records and monitoring Emplyees - recruitment, recrds and mnitring This guidance has been prduced t help rganisatins cmply with the Data Prtectin Act (DPA) when recruiting and emplying wrkers. It is relevant t public sectr emplyers,

More information

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028

More information

IMPLEMENTATION DETAILS

IMPLEMENTATION DETAILS Plicy: Title: Status: 1. Intrductin ISP-I10 Payment Card Security Apprved Infrmatin Security Plicy Dcumentatin IMPLEMENTATION DETAILS 1.1. This dcument supprts implementatin f the "Payment Card Industry

More information

In addition to assisting with the disaster planning process, it is hoped this document will also::

In addition to assisting with the disaster planning process, it is hoped this document will also:: First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business

More information

Audit Committee Charter

Audit Committee Charter Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm

More information

Norwood Public Schools Internet & Cell Phone Use Agreement School Year 2015-16

Norwood Public Schools Internet & Cell Phone Use Agreement School Year 2015-16 Yu must read and agree t fllw the netwrk rules belw t use yur netwrk accunt r access the internet. Nrwd Public Schls makes available t students access t cmputers and the Internet. Students are expected

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

CSC IT practix Recommendations

CSC IT practix Recommendations CSC IT practix Recmmendatins CSC Healthcare 28th January 2014 Versin 3 www.csc.cm/glbalhealthcare Cntents 1 Imprtant infrmatin 3 2 IT Specificatins 4 2.1 Wrkstatins... 4 2.2 Minimum Server with 1-5 wrkstatins

More information

Process Safety Management Program for Contractors

Process Safety Management Program for Contractors Page 1 f 6 Sect: 1.0 Purpse 2.0 Scpe This sectin cntains requirements fr Ardent (Cntract Emplyer) and ur subcntractrs fr the purpse f assisting ur clients in preventing r minimizing the cnsequences f catastrphic

More information

2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY

2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY 2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY OFFICE OF INFORMATION TECHNOLOGY AUGUST 2008 Executive Summary The mst recent CSU Stanislaus infrmatin technlgy (IT) plan was issued in 2003.

More information

Environmental, Health & Safety Management System (EMS) Documents and Records Management Procedure

Environmental, Health & Safety Management System (EMS) Documents and Records Management Procedure Envirnmental, Health & Safety Management System (EMS) Dcument N.: 01005 Revisin N.: 10 Dcuments and Recrds Management Prcedure Revised: 03/06/2015 Reviewed: 01/26/2015 Prepared By: Liske, Kurt Apprved

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

THIRD PARTY PROCUREMENT PROCEDURES

THIRD PARTY PROCUREMENT PROCEDURES ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central

More information

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010 OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity

More information

CORPORATE CREDIT CARD POLICY

CORPORATE CREDIT CARD POLICY TITLE: POLICY OWNERS: DATE INSTITUTED: May 1, 2008 CURRENT VERSION: Ver. 1.6 REVISION DATE: July 1, 2015 Crprate Credit Card Plicy Melissa Cluse, Vice President & Cntrller Cindy Klein, Accunts Payable

More information

IMT Standards. Standard number A000014. GoA IMT Standards. Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical

IMT Standards. Standard number A000014. GoA IMT Standards. Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical IMT Standards IMT Standards Oversight Cmmittee Gvernment f Alberta Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical Standard number A000014 Electrnic Signature Metadata

More information

Purpose Statement. Objectives

Purpose Statement. Objectives Apprved by Academic Affairs Cuncil, June 24, 2014 Faculty Handbk Part VI: Other Plicies and Prcedures Sectin R. Intellectual Prperty Classified Emplyee Handbk Part VI: Other Plicies and Prcedures Sectin

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend

More information

OITS Service Level Agreement

OITS Service Level Agreement OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer.

More information

Name. Description. Rationale

Name. Description. Rationale Cmplliiance Cmpnentt Descriptin Ratinale Benefits List the Dmain List the Discipline List the Technlgy Area List Prduct Cmpnent Dcument the Cmpliance Cmpnent Type Cmpnent Sub-type DEEFFI INITION Hst-Based

More information

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is

More information

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5 Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet

More information

Cloud Services Frequently Asked Questions FAQ

Cloud Services Frequently Asked Questions FAQ Clud Services Frequently Asked Questins FAQ Revisin 1.0 6/05/2015 List f Questins Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? What experience des Caradigm have hsting prducts like

More information

Process of Setting up a New Merchant Account

Process of Setting up a New Merchant Account Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am

More information

NHVAS Mass Management Spot Check Checklist

NHVAS Mass Management Spot Check Checklist Legal Entity Name f NHVAS Operatr: DTMR Representative: Lcatin: NHVAS Mass Management Spt Check Checklist Spt Check Date: Spt Check Number: DMS Number: 540/ The fllwing surces f evidence have been identified

More information

CHANGE MANAGEMENT STANDARD

CHANGE MANAGEMENT STANDARD The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the

More information

TO: Chief Executive Officers of all National Banks, Department and Division Heads, and all Examining Personnel

TO: Chief Executive Officers of all National Banks, Department and Division Heads, and all Examining Personnel AL 96-7 Subject: Credit Card Preapprved Slicitatins TO: Chief Executive Officers f all Natinal Banks, Department and Divisin Heads, and all Examining Persnnel PURPOSE The purpse f this advisry letter is

More information

Information Security Policy

Information Security Policy Infrmatin Security Plicy Last updated: 09 March 2010 Plicy Assigned t: Chief Infrmatin Officer, ICT Table f Cntents 1. Overview... 2 2. Backgrund... 2 3. Cverage... 2 4. Definitins... 3 5. Risk Assessment

More information

State of North Carolina. Statewide Information Security Manual. Prepared by the Enterprise Security and Risk Management Office

State of North Carolina. Statewide Information Security Manual. Prepared by the Enterprise Security and Risk Management Office State f Nrth Carlina Statewide Infrmatin Security Manual Prepared by the Enterprise Security and Risk Management Office Publicatin Date: January 2015 1 This page intentinally left blank 2 TABLE OF CONTENTS

More information

Guidelines for Custodians

Guidelines for Custodians Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t

More information

ensure that all users understand how mobile phones supplied by the council should and should not be used.

ensure that all users understand how mobile phones supplied by the council should and should not be used. Mbile Phne Plicy & Guidance Intrductin This plicy is designed t safeguard bth the cuncil and users f mbile phnes supplied by Angus Cuncil. It aims t ensure that these are used effectively, fr their intended

More information

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible

More information

BIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements

BIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements BIBH Duty Statements and Gvernance chart reviewed and apprved April 2014 BIBH Executive Gvernance & Management Arrangements BIBH COMMITTEE CEO - Paul O Cnnell Executive Secretary - Brian Firth Executive

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

State Fleet Card Oversight Usage and Responsibilities

State Fleet Card Oversight Usage and Responsibilities State Fleet Card Oversight Usage and Respnsibilities Intrductin The Department f General Services (DGS), Office f Fleet and Asset Management (OFAM) administers a statewide ne-prvider payment system cntract

More information

INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE

INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE Cunty f Orange Infrmatin Technlgy Usage Plicy 1 INTRODUCTION: The Cunty f Orange Infrmatin Technlgy (IT) Usage Plicy is the fundatin f the Cunty s infrmatin

More information

Flash Padlock. Self-Secured and Host-Independent USB Flash Drive White Paper. April 2007 Prepared by ClevX, LLC for Corsair Memory

Flash Padlock. Self-Secured and Host-Independent USB Flash Drive White Paper. April 2007 Prepared by ClevX, LLC for Corsair Memory Flash Padlck - White Paper Flash Padlck Self-Secured and Hst-Independent USB Flash Drive White Paper April 2007 Prepared by ClevX, LLC fr Crsair Memry 1 INTRODUCTION Millins f USB Flash Drives (UFDs) are

More information

RSA SecurID Software Token Security Best Practices Guide. Version 3

RSA SecurID Software Token Security Best Practices Guide. Version 3 RSA SecurID Sftware Tken Security Best Practices Guide Versin 3 Cntact Infrmatin G t the RSA crprate web site fr reginal Custmer Supprt telephne and fax numbers: www.rsa.cm. Trademarks RSA, the RSA Lg

More information

Symantec User Authentication Service Level Agreement

Symantec User Authentication Service Level Agreement Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed

More information

Employee Benefits Liability Policy

Employee Benefits Liability Policy Plicy 10/3084 part 3 Emplyee Benefits Liability Plicy Summary Publicatin Date March 2015 Review Date March 2016 Related Legislatin/Applicable Sectin f Legislatin Related Plicies, Prcedures, Guidelines,

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

2.1 All SHR Users are responsible for the security of SHR systems/applications, resources and information.

2.1 All SHR Users are responsible for the security of SHR systems/applications, resources and information. POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss

More information

Getting Followers to Follow After a Sale

Getting Followers to Follow After a Sale Getting Fllwers t Fllw After a Sale 12 December 2014 Overview Scial media is a phenmenn that is gaining mmentum in ppularity by the day. Scial media prviders (SMPs) prvide services that allw users t interact

More information

Comtrex Systems Corporation. CISP/PCI Implementation Guidance for Odyssey Suite

Comtrex Systems Corporation. CISP/PCI Implementation Guidance for Odyssey Suite CISP/PCI Implementatin Guidance fr Odyssey Suite Applicable Applicatin Versin This dcument supprts the fllwing applicatin versin: Odyssey Suite Versin 2.0 Intrductin Systems which prcess payment transactins

More information

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

Managed Firewall Service Definition. SD007v1.1

Managed Firewall Service Definition. SD007v1.1 Managed Firewall Service Definitin SD007v1.1 Managed Firewall Service Definitin Service Backgrund It is imprtant t nte that the functin f any firewall service is t filter traffic cming int the netwrk (als

More information

Wadham College Information Security Policy

Wadham College Information Security Policy Wadham Cllege Infrmatin Security Plicy 1. Intrductin In July 2012 the University f Oxfrd apprved its Infrmatin Security plicy that had been created t prtect the University frm serius infrmatin security

More information

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013 Clud-based File Sharing: Privacy and Security Tutrial Institutinal Cmpliance Office July 2013 Patient Data in the Clud Prtecting patient privacy is ne f MD Andersn s greatest respnsibilities Technlgies

More information

Password Reset for Remote Users

Password Reset for Remote Users 1 Passwrd Reset fr Remte Users Curin prvides a cmpnent fr the PasswrdCurier Passwrd Prvisining System that manages the lcal passwrd cache in cnjunctin with self-service passwrd reset activities. The slutin

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U

More information