AUTOMATED PHYSICAL ACCESS CONTROLS
|
|
- Pamela Preston
- 8 years ago
- Views:
Transcription
1 Cour Pénale Internationale International Criminal Court Administrative Instruction ICC/AI/2007/004 Date: 19/06/2007 AUTOMATED PHYSICAL ACCESS CONTROLS The Registrar, for the purposes of establishing access groups and access rights for the movement of personnel within the ICC premises, promulgates the following: Explanatory note to the Administrative Instruction The Security & Safety Section has been asked to implement physical access restrictions at floors and certain critical areas. In order to provide the authority for the SSS to implement such restrictions and ensure a manageable implementation, the SSS has drafted the present A.I. The physical access restrictions support the segregation of duties between the Organs and certain organisational units that follows from their potential conflict of interests. The restrictions also support the protection of critical areas such as technical installations, vaults and court rooms. [irinci}>li'* for physical /jarss /vs/r;vfio;/s The main criterion to determine if access will be granted is the genuine and permanent 'need to be': Does a group of workers need 24/7 unaccompanied, unrestricted and uninvited access to a floor or area? An occasional need to access a floor or area may not warrant a permanent access privilege. Workers with a permanent 'need to be' are in general the workers employed in the respective floors or areas. In addition, there will be other workers with permanent need to have immediate and unescorted access to the respective floors or areas. F.xamples of such workers are ICI' network administrators, security officers and certain general service staff. The absence of a professional need for permanent access does not mean a group of workers is not allowed access to a floor or area. Workers may still be allowed access but cannot open certain entrances with their badges. Thus, their access is subject to the discretion of the staff of the floors and areas the worker seeks access to. A word of caution ICC RESTRICTED Page 1 of 8
2 The Arc was not designed tor the Court and the Court has been retrofitted into the Arc. The access restrictions are managed by a software application with rather limited administrative capabilities. Not every access restriction desired may be technically or operationally possible to implement. For instance, the transit routes of workers to locations (for which they have a permanent need to access) may conflict with the access restrictions as desired by the organizational units along the same transit route. The physical access restrictions available at the Arc provide a relative low level of granularity. Section 1 Definitions 1.1. AAFP - Area Access Focal Point, a senior officer authorised to approve access rights requests for Staff to an Area under their responsibility ACFP - Access Control Focal Point, a senior officer that acts as the point within an organ to liaises with the SSS with regards to request for access to parts of the building 1.3. AIMS - Access and Intrusion Management System; the brand of the system in use at the Court to implement automated physical access controls Area- A floor, wing, vault or set of offices for which dedicated access rules are enforced through automated physical access controls Organizational Unit - An Organ, Division, Office, Section, Team or Unit PAID - The Pass & Identification office located at the Arc and staffed by SSS Staff - For the purposes of this Administrative Instruction, the term "staff" shall include all staff and individuals affiliated with or having a contractual relationship with the Court, such as elected officials, independent contractors, gratis personnel, interns, consultants, volunteers, interpreters, and other contractual personnel who are entrusted with authorised access to ICC Information in the course of performing their official duties. Note: Klected officials are exempt from the regular disciplinary process but not from compliance with the administrative processes of the Court SSS - Security & Safety Section of the Court. Section 2 Purpose 2.1. The International Criminal Court ("the Court") seeks to provide a safe and secure working environment in which the specific requirements for security, safety, independence, confidentiality and integrity of the judicial and administrative processes of the Organs are considered, established and maintained. Note: the physical access restrictions are put in place for the same reasons as the access restrictions in applications and network folders. ICC RESTRICTED Page 2 of 8
3 2.2. The purpose of this Administrative Instruction is to establish and maintain the protocols and division of access rights and to set out procedures for ensuring the accountability of afforded access rights This Administrative Instruction shall apply to all Staff and visitors who have been accorded physical access rights to the Court This Administrative Instruction shall apply to Court facilities that are equipped with automated physical access controls Physical access restrictions should not restrict Staff movement further than necessary for adequate security. They should be applied with caution and reason as they can impact on business efficiency and may lower the user-friendliness of the Court premises. Note: Physical access restrictions provide a low granularity and do not replace good practices as locking doors, filing documents and locking computers when absent Operational control and responsibility for programming, monitoring, interrogation and all other actions that may have an effect on the access control measures of the Court is delegated to the Chief of Security & Safety on behalf of the Registrar. Section 3 Areas 3.1. Access control shall be based on a set of Areas where each Area is defined through the set of Staff with a 'need to be' which is a permanent requirement to have unrestricted and uninvited access to the Area The main principle for the definition of Areas shall be the internal organization of the Court In order to restrict Staff movement no further than required for adequate security, Areas shall be defined as wide as possible, but as narrow as necessary. Applying too narrow an Area may impair the efficiency of the activities of the Court. Conversely, defining too wide an Area may create a risk of compromise The main Areas of the Court shall be defined by Annex A Every Area shall have a designated Area Access Focal Point (AAFP) for the purposes of approving access rights for Staff to the Area under their responsibility. Note: Fach Area has 1 'owner' and that owner is represented by the AAt-'P Any suggested amendment of Areas shall be communicated to the Chief of SSS in a timely manner, i.e. minimum of 1 week in advance of the date when the change is anticipated to take effect. Where a requested amendment necessitates alteration to or installation of new A1MSrelated infrastructure, such as badge readers, cabling, or door-set alterations, such a request should be communicated at least 3 months in advance of the anticipated date of implementation to both GSS and SSS Requested amendments are naturally governed by wider technical, operational and budgetary considerations and hence implementation cannot be guaranteed. Section 4 ICC RESTRICTED Page 3 of 8
4 Access Groups and Access Rights 4.1. Staff shall be granted access rights to Areas in line with the organizational unit in which they are employed and shall be granted access to the required work locations to reflect the function in which they are engaged. Access to the locations of other organizational units will not be granted automatically Each Organ shall be responsible for the provision of accurate and timely information on access groups and rights within the respective Organizational Unit to the Security & Safety Section (SSS) Each Organ shall designate an Access Control Focal Point (ACFP) for the purposes of requesting access rights for Staff under his/her responsibility. Note: Each Organ and Critical Area may choose to refine itselt into organizational units with regards to administration of requests for physical access, but shall provide a single point of contact with regards to the SSS The Access Groups of the Court shall be defined by Annex B. Note: All persons within a specific group are afforded equal access rights irrespective of role: all persons within such group are afforded equal access rights A request for extended access rights or the amendment or cancellation of access rights shall be provided in writing by the requesting ACFP, with the approval (in writing) of the AAFP of the Area, to the Chief of Security & Safety 2 working days in advance of anticipated implementation. Such amendment or cancellation of access rights may be based on: (a) Change of function and/ responsibility of staff; (b) Transfer of the staff member to a different Organizational Unit;. (c) Completion of employment; (d) Loss of access card; (e) Other reasonable grounds provided by the respective Staff, Human resources Section, the ACFP, the AAFP or a Head of Organ. Note: It is the 'owner' of the Area that takes the decision; hence, approval (in writing) must be sought. The SSS will act as a delegated 'owner' for certain areas such as the basement. Section 5 AIMS 5.1. AIMS shall be used as the main tool to ensure a basic level of physical segregation. The protection provided by AIMS may be increased by other means of access control, if required AIMS shall be routinely monitored, operated and controlled by the SSS of the Court, primarily via the computer interface provided at PAID The AIMS infrastructure shall be maintained and technically supported by the General Services Section (GSS) of the Court and necessary external contractors. The establishment and management of the necessary supporting contracts shall be the responsibility of GSS. Thus, the SSS shall be deemed to be the system "operator" and shall advise on the operational use of ICC RESTRICTED Page 4 of 8
5 AIMS, consistent with other security and safety considerations. GSS shall be considered the system "owner" for the purpose of maintenance, engineering and technical support The SSS shall establish a diagrammatic matrix of AIMS access groups, mapping defined access groups against badge reader access for engineering purposes. The AIMS matrix is constructed with and may only be adjusted by the SSS The AIMS matrix will provide the foundation for engineering, planning and control purposes. Note: The matrix holds the complex details of which doors can be opened with badges and needs a central administration. This provision is not prejudicial to the right of the 'area owners' to approve or disapprove access. Section 6 System Interrogation & Data Disclosure 6.1. Information on staff movements retained by AIMS will not ordinarily be made available to non-sss staff. Access by SSS staff shall be where there is a genuine "need to know". Note: An example of a genuine "need to know" would be the reconciliation of the manual logs entries on the vaults with the actual recorded badge activities with the vaults. Please mind that AIMS is not, for example, an attendance monitoring system Requests for access to AIMS data shall be made in writing to the Chief of SSS by at least a Section or Division Head. Such information will only be made available if the matter requiring further investigation has been reported to SSS. Applications for disclosure shall be assessed and authorised by the Chief of SSS To promote compliance with security regulations, AIMS data may be audited by authorised SSS personnel and disclosed to specific parties in connection with such written security regulations, for example, those regulations and procedures governing the protection of sensitive information, or specially restricted areas, such as the Court vaults. AIMS data disclosed for this purpose shall be treated with all due discretion and confidentiality by the receiving organizational unit. Section 7 Alignment with safety procedures 7.1. Any proposed changes to the placement of the hardware of the Physical Access Control System must first be risk-assessed by the Safety Officer of the SSS to ensure integration and alignment with safety procedures and general compliance with host country fire and safety regulations. The advice and agreement of the Safety Officer shall be paramount. Section 8 AIMS Cards ICC RESTRICTED Page 5 of 8
6 8.1. AIMS cards that have been inactive on the system for a period of eight weeks or more shall be disabled from AIMS by SSS. PAID shall actively review AIMS records for this purpose Staff holding an AIMS card that is nearing expiration, and their respective ACFP, shall be notified by two weeks before expiration by PAID Staff holding an AIMS card that is nearing expiration, and their respective ACFP, may request by for postponement of the expiration with another 2 months Loss or theft of AIMS cards shall be reported as soon possible to the SSS. The staff member will assist the SSS in completion of a Security Incident Report pertaining to the loss or theft Lost/stolen cards shall be disabled by SSS and the staff member shall be issued with a replacement card as soon as practicable thereafter during normal PAID working hours PAID shall be located at the entrance of the Arc building and be open during the normal business days of the Court from Staff that has misplaced their AIMS card, shall be provided with a temporary AIMS card that gives access to their Organ, but not to any other Area, with the exception of Security Staff and General Services Staff. Section 9 Final Provisions 9.1. Irrespective of AIMS, it remains the general duty of care of Staff to take reasonable steps to protect (e.g. 'not to put at risk') the assets of the Court, for example, by locking offices, safeguarding keys, protecting information, reporting incidents, adhering to established security policies and generally taking reasonable care in the execution of their duty. Note: This provision is added to make staff aware that access restrictions on floors and designated areas do not replace good practices such as a clear desk and/or locked door policy Users wishing to request exemptions to any provisions of this Administrative Instruction should do so through their supervisors by written communication to Information Security Unit of the Security and Safety Section This Administrative instruction shall be applied from the date of its signature. 'l/ls^*ts\ Bruno Cathala Registrar "" ICC RESTRICTED Page 6 of 8
Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services
Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...
More information8.1.6 POLICY ON KEYS AND OTHER BUILDING ACCESS DEVICES. Policy Statement COLLEGE OF CHARLESTON POLICY ON
OFFICIAL POLICY 8.1.6 POLICY ON KEYS AND OTHER BUILDING ACCESS DEVICES 03/21/11 Policy Statement COLLEGE OF CHARLESTON POLICY ON KEYS AND OTHER BUILDING ACCESS DEVICES 1.0 PURPOSE OF POLICY The purpose
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationUniversity of Brighton School and Departmental Information Security Policy
University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives
More informationUNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C
UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C This Attachment addresses the Contractor s responsibility for safeguarding Compliant Data and Business Sensitive Information
More informationSTFC Monitoring and Interception policy for Information & Communications Technology Systems and Services
STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining
More informationTitle: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION
Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationNew River Community College. Information Technology Policy and Procedure Manual
New River Community College Information Technology Policy and Procedure Manual 1 Table of Contents Asset Management Policy... 3 Authentication Policy... 4 Breach Notification Policy... 6 Change Management
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationDHHS Information Technology (IT) Access Control Standard
DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationPolicy Document. IT Infrastructure Security Policy
Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation
ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationADMINISTRATIVE MANUAL Policy and Procedure
ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,
More informationSAMPLE TEMPLATE. Massachusetts Written Information Security Plan
SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law
More informationASSOCIATED STUDENTS, INCORPORATED CALIFORNIA STATE UNIVERSITY, LONG BEACH DATE REVISED: 04/10/2013
Cash Handling BACKGROUND AND PURPOSE...1 POLICY STATEMENT...2 WHO SHOULD KNOW THIS POLICY...2 DEFINITIONS...2 STANDARDS AND PROCEDURES...3 1.0 CONDITIONS FOR EMPLOYMENT IN CASH HANDLING ENVIRONMENT...3
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationThe Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
More informationEvergreen Solar, Inc. Code of Business Conduct and Ethics
Evergreen Solar, Inc. Code of Business Conduct and Ethics A MESSAGE FROM THE BOARD At Evergreen Solar, Inc. (the Company or Evergreen Solar ), we believe that conducting business ethically is critical
More informationData Protection Breach Management Policy
Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/
More informationEAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
More informationCONNECTICUT RIVER WATERSHED COUNCIL, INC. DOCUMENT MANAGEMENT & WRITTEN INFORMATION SECURITY POLICY
CONNECTICUT RIVER WATERSHED COUNCIL, INC. DOCUMENT MANAGEMENT & WRITTEN INFORMATION SECURITY POLICY The Council s document management policy is intended to cover all documents produced and held by the
More informationHiring Information Tracking System (HITS)
for the Hiring Information Tracking System (HITS) May 13, 2010 Contact Point Robert Parsons Director, Office of Human Capital U.S. Immigration and Customs Enforcement (202) 732-7770 Reviewing Official
More informationAGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND
AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered
More informationPBGC Information Security Policy
PBGC Information Security Policy 1. Purpose. The Pension Benefit Guaranty Corporation (PBGC) Information Security Policy (ISP) defines the security and protection of PBGC information resources. 2. Reference.
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationPOL 08.00.02 Information Systems Access Policy. History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014
POL 08.00.02 Information Systems Access Policy Authority: History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014 Related Policies: NC General Statute 14-454 - Accessing
More informationUniversity of Birmingham. Closed Circuit Television (CCTV) Code of Practice
University of Birmingham Closed Circuit Television (CCTV) Code of Practice University of Birmingham uses closed circuit television (CCTV) images to provide a safe and secure environment for students, staff
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationMontclair State University. HIPAA Security Policy
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
More informationOFFICIAL. NCC Records Management and Disposal Policy
NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationIM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...
IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This
More informationShare Trading Policy. SkyFii Limited ACN 009 264 699 (Company)
Share Trading Policy SkyFii Limited ACN 009 264 699 (Company) Table of contents 1 Purpose... 1 1.1 Scope... 1 1.2 Who does this policy apply to?... 1 1.3 Further advice... 1 2 Insider trading prohibitions
More informationINFORMATION TECHNOLOGY POLICY
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of Policy: Physical and Environmental Security Policy Domain: Security Date Issued: 06/09/11 Date Revised: 10/11/13
More informationUniversity of St Andrews Out of Hours Protocol Appendices: A- CCTV Code of Practice B- Service Level Statement
University of St Andrews Out of Hours Protocol Appendices: A- CCTV Code of Practice B- Service Level Statement 1. Context The University security service provides night and weekend cover throughout the
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationThe Use of Information Technology Policies and Policies
Information Technology Management Procedure June 1, 2015 Information Technology Management, page 1 of 7 Contents Responsibility for Local Information Technology Policies 3 Responsibility to Maintain Functionality
More informationSAMPLE NPO Fiscal Policies & Procedures
SAMPLE NPO NOTE: The most important part of developing policies and procedures is that they are discussed and agreed upon within the organization. This template is designed to be used in conjunction with
More informationOfficers Code of Conduct
Officers Code of Conduct Effective from: 17 th September 2014 Approved by Council on 17 th September 2014 1. INTRODUCTION 1.1 The Council believes that its activities demand the highest standards of confidence
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationRevised June, 2002 FACILITY ACCESS AND IDENTIFICATION BADGE POLICY AND PROCEDURES
FACILITY ACCESS AND IDENTIFICATION BADGE POLICY AND PROCEDURES August/99 Revised Oct./99 Revised Feb/2000 Revised March/2000 Revised April, 2000 Revised March, 2001 Revised May, 2001 Revised June, 2002
More informationSAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014
SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014 This Notice sets forth the principles followed by United Technologies Corporation and its operating companies, subsidiaries, divisions
More informationLOBBYING DISCLOSURE IN PENNSYLVANIA 2014 ANNUAL REPORT PENNSYLVANIA DEPARTMENT OF STATE. June 2015. Tom Wolf Governor
LOBBYING DISCLOSURE IN PENNSYLVANIA 2014 ANNUAL REPORT PENNSYLVANIA DEPARTMENT OF STATE June 2015 Tom Wolf Governor Pedro A. Cortés Secretary of the Commonwealth Summary of Act 134 of 2006 This Act amends
More informationHow To Protect Research Data From Being Compromised
University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationNSW Government Digital Information Security Policy
NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core
More informationData Protection and Data security Policy
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
More informationPolicy and Procedure for approving, monitoring and reviewing personal data processing agreements
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure
More informationData Protection Policy
Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and
More informationMEDICAL TRAINEE DATA FORM (This information is required for all medical students)
ALEXANDRA MARINE AND GENERAL HOSPITAL 120 Napier Street, GODERICH, ON N7A 1W5 (519) 524-8689 ext. 5712 Fax: (519) 524-5579 Email: amgh.administration@amgh.ca MEDICAL TRAINEE DATA FORM (This information
More informationCCTV Cameras Policy. Policy Guidelines
CCTV Cameras Policy Policy Guidelines To assist in providing the safe physical environment a CCTV surveillance system has been installed at Sydney Central on the ground floor. The area covered includes
More informationVideo surveillance policy (PUBLIC)
29 July 2015 EMA/133708/2015 Administration Division POLICY/0046 POLICY/0046 Effective Date: 01/01/2015 Review Date: 01/01/2018 Supersedes: Version 1 1. Introduction and purpose For the safety and security
More informationInformation Technology Services Guidelines
Page 1 of 10 Table of Contents 1. Purpose... 2 2. Entities Affected by This Guideline... 2 3. Definitions... 2 4. Guidelines... 3 4.1 Requesting Data Center or... 3 4.2 Requirements for Data Center or...
More informationInformatics Policy. Information Governance. Network Account and Password Management Policy
Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information
More informationAccessing Personal Information on Patients and Staff:
Accessing Personal Information on Patients and Staff: A Framework for NHSScotland Purpose: Enabling access to personal and business information is a key part of the NHSScotland Information Assurance Strategy
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationVMware vcloud Air HIPAA Matrix
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationU.S. Department of the Interior's Federal Information Systems Security Awareness Online Course
U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationSecurity Systems Surveillance Policy
Security Systems Surveillance Policy Version: 1.0 Last Amendment: Approved by: Executive Policy owner/sponsor: Director, Operations and CFO Policy Contact Officer: Manager, Facilities & Security Policy
More informationTHE USE OF PHYSICAL FORCE AND OF FIREARMS BY ICC SECURITY OFFICERS. Section 1. Purpose of this Administrative Instruction
Cour Pénale Internationale International Criminal Court Administrative Instruction ICC/AI/2004/003 Date: 20 April 2004 THE USE OF PHYSICAL FORCE AND OF FIREARMS BY ICC SECURITY OFFICERS Section 1 Purpose
More informationData Centre & Facilities Access Procedures
University of Manitoba - Information Services & Technology Data Centre & Facilities Access Procedures Effective Date: Review Date: Approving Body: Applies to: March 1, 2012 March 1, 2017 Mike Langedock,
More informationUNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012
UNIVERSITY COLLEGE LONDON CCTV POLICY Endorsed by the Security Working Group - 17 October 2012 Endorsed by the Infrastructure IT Services Strategy Group - 18 October 2012 Reviewed and endorsed (with one
More informationPolicy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors
TITLE: Access Management Policy #: Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors Purpose The purpose of this policy is to describe
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationPhysical Security Policy Template
Physical Security Policy Template The Free iq Physical Security Policy Generic Template has been designed as a preformatted framework to enable your Practice to produce a Policy that is specific to your
More informationLauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.
Document No: IG10d Version: 1.1 Name of Procedure: Third Party Due Diligence Assessment Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release
More informationCorporate Information Security Policy
Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives
More informationWellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More informationINITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
More informationIntroduction to the NHS Information Governance Requirements
Introduction to the NHS Information Governance Requirements 2 Version April 2014 Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. The widely
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationADMINISTRATIVE ASSISTANT/RECEPTIONIST
ADMINISTRATIVE ASSISTANT/RECEPTIONIST Responsible to: Grade: Hours of Work: Weeks per year: Examinations and Administration Manager L2 Monday to Friday 09.00am 17.00pm Term time only including 5 training
More informationUNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY
PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment
More informationThis interpretation of the revised Annex
Reprinted from PHARMACEUTICAL ENGINEERING The Official Magazine of ISPE July/August 2011, Vol. 31 No. 4 www.ispe.org Copyright ISPE 2011 The ISPE GAMP Community of Practice (COP) provides its interpretation
More informationSecurity Trading Policy
Security Trading Policy Grays ecommerce Group Limited (ACN 125 736 914) (Grays or Company) Adopted by the Board on 1. Introduction 1.1 Purpose This policy summarises the law relating to insider trading
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationARTICLE 10. INFORMATION TECHNOLOGY
ARTICLE 10. INFORMATION TECHNOLOGY I. Virtual Private Network (VPN) The purpose of this policy is to provide guidelines for Virtual Private Network (VPN) connections to Education Division s resources.
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationREQUEST FOR QUOTE Department of Children and Families Office of Child Welfare National Youth in Transition Database Survey Tool January 27, 2014
REQUEST FOR QUOTE SUBJECT: Request for Quotes, State Term Contract #973-561-10-1, Information Technology Consulting Services TITLE: National Youth in Transition Database (NYTD) Survey Tool Proposal Software
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationGuideline on Access Control
CMSGu2011-08 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Access Control National Computer Board Mauritius Version 1.0
More information