AUTOMATED PHYSICAL ACCESS CONTROLS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "AUTOMATED PHYSICAL ACCESS CONTROLS"

Transcription

1 Cour Pénale Internationale International Criminal Court Administrative Instruction ICC/AI/2007/004 Date: 19/06/2007 AUTOMATED PHYSICAL ACCESS CONTROLS The Registrar, for the purposes of establishing access groups and access rights for the movement of personnel within the ICC premises, promulgates the following: Explanatory note to the Administrative Instruction The Security & Safety Section has been asked to implement physical access restrictions at floors and certain critical areas. In order to provide the authority for the SSS to implement such restrictions and ensure a manageable implementation, the SSS has drafted the present A.I. The physical access restrictions support the segregation of duties between the Organs and certain organisational units that follows from their potential conflict of interests. The restrictions also support the protection of critical areas such as technical installations, vaults and court rooms. [irinci}>li'* for physical /jarss /vs/r;vfio;/s The main criterion to determine if access will be granted is the genuine and permanent 'need to be': Does a group of workers need 24/7 unaccompanied, unrestricted and uninvited access to a floor or area? An occasional need to access a floor or area may not warrant a permanent access privilege. Workers with a permanent 'need to be' are in general the workers employed in the respective floors or areas. In addition, there will be other workers with permanent need to have immediate and unescorted access to the respective floors or areas. F.xamples of such workers are ICI' network administrators, security officers and certain general service staff. The absence of a professional need for permanent access does not mean a group of workers is not allowed access to a floor or area. Workers may still be allowed access but cannot open certain entrances with their badges. Thus, their access is subject to the discretion of the staff of the floors and areas the worker seeks access to. A word of caution ICC RESTRICTED Page 1 of 8

2 The Arc was not designed tor the Court and the Court has been retrofitted into the Arc. The access restrictions are managed by a software application with rather limited administrative capabilities. Not every access restriction desired may be technically or operationally possible to implement. For instance, the transit routes of workers to locations (for which they have a permanent need to access) may conflict with the access restrictions as desired by the organizational units along the same transit route. The physical access restrictions available at the Arc provide a relative low level of granularity. Section 1 Definitions 1.1. AAFP - Area Access Focal Point, a senior officer authorised to approve access rights requests for Staff to an Area under their responsibility ACFP - Access Control Focal Point, a senior officer that acts as the point within an organ to liaises with the SSS with regards to request for access to parts of the building 1.3. AIMS - Access and Intrusion Management System; the brand of the system in use at the Court to implement automated physical access controls Area- A floor, wing, vault or set of offices for which dedicated access rules are enforced through automated physical access controls Organizational Unit - An Organ, Division, Office, Section, Team or Unit PAID - The Pass & Identification office located at the Arc and staffed by SSS Staff - For the purposes of this Administrative Instruction, the term "staff" shall include all staff and individuals affiliated with or having a contractual relationship with the Court, such as elected officials, independent contractors, gratis personnel, interns, consultants, volunteers, interpreters, and other contractual personnel who are entrusted with authorised access to ICC Information in the course of performing their official duties. Note: Klected officials are exempt from the regular disciplinary process but not from compliance with the administrative processes of the Court SSS - Security & Safety Section of the Court. Section 2 Purpose 2.1. The International Criminal Court ("the Court") seeks to provide a safe and secure working environment in which the specific requirements for security, safety, independence, confidentiality and integrity of the judicial and administrative processes of the Organs are considered, established and maintained. Note: the physical access restrictions are put in place for the same reasons as the access restrictions in applications and network folders. ICC RESTRICTED Page 2 of 8

3 2.2. The purpose of this Administrative Instruction is to establish and maintain the protocols and division of access rights and to set out procedures for ensuring the accountability of afforded access rights This Administrative Instruction shall apply to all Staff and visitors who have been accorded physical access rights to the Court This Administrative Instruction shall apply to Court facilities that are equipped with automated physical access controls Physical access restrictions should not restrict Staff movement further than necessary for adequate security. They should be applied with caution and reason as they can impact on business efficiency and may lower the user-friendliness of the Court premises. Note: Physical access restrictions provide a low granularity and do not replace good practices as locking doors, filing documents and locking computers when absent Operational control and responsibility for programming, monitoring, interrogation and all other actions that may have an effect on the access control measures of the Court is delegated to the Chief of Security & Safety on behalf of the Registrar. Section 3 Areas 3.1. Access control shall be based on a set of Areas where each Area is defined through the set of Staff with a 'need to be' which is a permanent requirement to have unrestricted and uninvited access to the Area The main principle for the definition of Areas shall be the internal organization of the Court In order to restrict Staff movement no further than required for adequate security, Areas shall be defined as wide as possible, but as narrow as necessary. Applying too narrow an Area may impair the efficiency of the activities of the Court. Conversely, defining too wide an Area may create a risk of compromise The main Areas of the Court shall be defined by Annex A Every Area shall have a designated Area Access Focal Point (AAFP) for the purposes of approving access rights for Staff to the Area under their responsibility. Note: Fach Area has 1 'owner' and that owner is represented by the AAt-'P Any suggested amendment of Areas shall be communicated to the Chief of SSS in a timely manner, i.e. minimum of 1 week in advance of the date when the change is anticipated to take effect. Where a requested amendment necessitates alteration to or installation of new A1MSrelated infrastructure, such as badge readers, cabling, or door-set alterations, such a request should be communicated at least 3 months in advance of the anticipated date of implementation to both GSS and SSS Requested amendments are naturally governed by wider technical, operational and budgetary considerations and hence implementation cannot be guaranteed. Section 4 ICC RESTRICTED Page 3 of 8

4 Access Groups and Access Rights 4.1. Staff shall be granted access rights to Areas in line with the organizational unit in which they are employed and shall be granted access to the required work locations to reflect the function in which they are engaged. Access to the locations of other organizational units will not be granted automatically Each Organ shall be responsible for the provision of accurate and timely information on access groups and rights within the respective Organizational Unit to the Security & Safety Section (SSS) Each Organ shall designate an Access Control Focal Point (ACFP) for the purposes of requesting access rights for Staff under his/her responsibility. Note: Each Organ and Critical Area may choose to refine itselt into organizational units with regards to administration of requests for physical access, but shall provide a single point of contact with regards to the SSS The Access Groups of the Court shall be defined by Annex B. Note: All persons within a specific group are afforded equal access rights irrespective of role: all persons within such group are afforded equal access rights A request for extended access rights or the amendment or cancellation of access rights shall be provided in writing by the requesting ACFP, with the approval (in writing) of the AAFP of the Area, to the Chief of Security & Safety 2 working days in advance of anticipated implementation. Such amendment or cancellation of access rights may be based on: (a) Change of function and/ responsibility of staff; (b) Transfer of the staff member to a different Organizational Unit;. (c) Completion of employment; (d) Loss of access card; (e) Other reasonable grounds provided by the respective Staff, Human resources Section, the ACFP, the AAFP or a Head of Organ. Note: It is the 'owner' of the Area that takes the decision; hence, approval (in writing) must be sought. The SSS will act as a delegated 'owner' for certain areas such as the basement. Section 5 AIMS 5.1. AIMS shall be used as the main tool to ensure a basic level of physical segregation. The protection provided by AIMS may be increased by other means of access control, if required AIMS shall be routinely monitored, operated and controlled by the SSS of the Court, primarily via the computer interface provided at PAID The AIMS infrastructure shall be maintained and technically supported by the General Services Section (GSS) of the Court and necessary external contractors. The establishment and management of the necessary supporting contracts shall be the responsibility of GSS. Thus, the SSS shall be deemed to be the system "operator" and shall advise on the operational use of ICC RESTRICTED Page 4 of 8

5 AIMS, consistent with other security and safety considerations. GSS shall be considered the system "owner" for the purpose of maintenance, engineering and technical support The SSS shall establish a diagrammatic matrix of AIMS access groups, mapping defined access groups against badge reader access for engineering purposes. The AIMS matrix is constructed with and may only be adjusted by the SSS The AIMS matrix will provide the foundation for engineering, planning and control purposes. Note: The matrix holds the complex details of which doors can be opened with badges and needs a central administration. This provision is not prejudicial to the right of the 'area owners' to approve or disapprove access. Section 6 System Interrogation & Data Disclosure 6.1. Information on staff movements retained by AIMS will not ordinarily be made available to non-sss staff. Access by SSS staff shall be where there is a genuine "need to know". Note: An example of a genuine "need to know" would be the reconciliation of the manual logs entries on the vaults with the actual recorded badge activities with the vaults. Please mind that AIMS is not, for example, an attendance monitoring system Requests for access to AIMS data shall be made in writing to the Chief of SSS by at least a Section or Division Head. Such information will only be made available if the matter requiring further investigation has been reported to SSS. Applications for disclosure shall be assessed and authorised by the Chief of SSS To promote compliance with security regulations, AIMS data may be audited by authorised SSS personnel and disclosed to specific parties in connection with such written security regulations, for example, those regulations and procedures governing the protection of sensitive information, or specially restricted areas, such as the Court vaults. AIMS data disclosed for this purpose shall be treated with all due discretion and confidentiality by the receiving organizational unit. Section 7 Alignment with safety procedures 7.1. Any proposed changes to the placement of the hardware of the Physical Access Control System must first be risk-assessed by the Safety Officer of the SSS to ensure integration and alignment with safety procedures and general compliance with host country fire and safety regulations. The advice and agreement of the Safety Officer shall be paramount. Section 8 AIMS Cards ICC RESTRICTED Page 5 of 8

6 8.1. AIMS cards that have been inactive on the system for a period of eight weeks or more shall be disabled from AIMS by SSS. PAID shall actively review AIMS records for this purpose Staff holding an AIMS card that is nearing expiration, and their respective ACFP, shall be notified by two weeks before expiration by PAID Staff holding an AIMS card that is nearing expiration, and their respective ACFP, may request by for postponement of the expiration with another 2 months Loss or theft of AIMS cards shall be reported as soon possible to the SSS. The staff member will assist the SSS in completion of a Security Incident Report pertaining to the loss or theft Lost/stolen cards shall be disabled by SSS and the staff member shall be issued with a replacement card as soon as practicable thereafter during normal PAID working hours PAID shall be located at the entrance of the Arc building and be open during the normal business days of the Court from Staff that has misplaced their AIMS card, shall be provided with a temporary AIMS card that gives access to their Organ, but not to any other Area, with the exception of Security Staff and General Services Staff. Section 9 Final Provisions 9.1. Irrespective of AIMS, it remains the general duty of care of Staff to take reasonable steps to protect (e.g. 'not to put at risk') the assets of the Court, for example, by locking offices, safeguarding keys, protecting information, reporting incidents, adhering to established security policies and generally taking reasonable care in the execution of their duty. Note: This provision is added to make staff aware that access restrictions on floors and designated areas do not replace good practices such as a clear desk and/or locked door policy Users wishing to request exemptions to any provisions of this Administrative Instruction should do so through their supervisors by written communication to Information Security Unit of the Security and Safety Section This Administrative instruction shall be applied from the date of its signature. 'l/ls^*ts\ Bruno Cathala Registrar "" ICC RESTRICTED Page 6 of 8

8.1.6 POLICY ON KEYS AND OTHER BUILDING ACCESS DEVICES. Policy Statement COLLEGE OF CHARLESTON POLICY ON

8.1.6 POLICY ON KEYS AND OTHER BUILDING ACCESS DEVICES. Policy Statement COLLEGE OF CHARLESTON POLICY ON OFFICIAL POLICY 8.1.6 POLICY ON KEYS AND OTHER BUILDING ACCESS DEVICES 03/21/11 Policy Statement COLLEGE OF CHARLESTON POLICY ON KEYS AND OTHER BUILDING ACCESS DEVICES 1.0 PURPOSE OF POLICY The purpose

More information

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

University of Brighton School and Departmental Information Security Policy

University of Brighton School and Departmental Information Security Policy University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives

More information

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C This Attachment addresses the Contractor s responsibility for safeguarding Compliant Data and Business Sensitive Information

More information

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION

Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

DHHS Information Technology (IT) Access Control Standard

DHHS Information Technology (IT) Access Control Standard DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of

More information

Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units

Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units Fall 2014 Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units Effective January 1, 2015 Darren T. Sammons, Staff Attorney Commonwealth

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3 Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use

More information

Wellesley College Written Information Security Program

Wellesley College Written Information Security Program Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as

More information

Hiring Information Tracking System (HITS)

Hiring Information Tracking System (HITS) for the Hiring Information Tracking System (HITS) May 13, 2010 Contact Point Robert Parsons Director, Office of Human Capital U.S. Immigration and Customs Enforcement (202) 732-7770 Reviewing Official

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

POL 08.00.02 Information Systems Access Policy. History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014

POL 08.00.02 Information Systems Access Policy. History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014 POL 08.00.02 Information Systems Access Policy Authority: History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014 Related Policies: NC General Statute 14-454 - Accessing

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

New River Community College. Information Technology Policy and Procedure Manual

New River Community College. Information Technology Policy and Procedure Manual New River Community College Information Technology Policy and Procedure Manual 1 Table of Contents Asset Management Policy... 3 Authentication Policy... 4 Breach Notification Policy... 6 Change Management

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

Policy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors

Policy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors TITLE: Access Management Policy #: Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors Purpose The purpose of this policy is to describe

More information

Revised June, 2002 FACILITY ACCESS AND IDENTIFICATION BADGE POLICY AND PROCEDURES

Revised June, 2002 FACILITY ACCESS AND IDENTIFICATION BADGE POLICY AND PROCEDURES FACILITY ACCESS AND IDENTIFICATION BADGE POLICY AND PROCEDURES August/99 Revised Oct./99 Revised Feb/2000 Revised March/2000 Revised April, 2000 Revised March, 2001 Revised May, 2001 Revised June, 2002

More information

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law

More information

OFFICIAL. NCC Records Management and Disposal Policy

OFFICIAL. NCC Records Management and Disposal Policy NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

9/11 Heroes Stamp Act of 2001 File System

9/11 Heroes Stamp Act of 2001 File System for the 9/11 Heroes Stamp Act of 2001 File System Contact Point Elizabeth Edge US Fire Administration Federal Emergency Management Agency (202) 646-3675 Reviewing Official Nuala O Connor Kelly Chief Privacy

More information

Information Technology Management Procedure June 1, 2015

Information Technology Management Procedure June 1, 2015 Information Technology Management Procedure June 1, 2015 Information Technology Management, page 1 of 7 Contents Responsibility for Local Information Technology Policies 3 Responsibility to Maintain Functionality

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

ASSOCIATED STUDENTS, INCORPORATED CALIFORNIA STATE UNIVERSITY, LONG BEACH DATE REVISED: 04/10/2013

ASSOCIATED STUDENTS, INCORPORATED CALIFORNIA STATE UNIVERSITY, LONG BEACH DATE REVISED: 04/10/2013 Cash Handling BACKGROUND AND PURPOSE...1 POLICY STATEMENT...2 WHO SHOULD KNOW THIS POLICY...2 DEFINITIONS...2 STANDARDS AND PROCEDURES...3 1.0 CONDITIONS FOR EMPLOYMENT IN CASH HANDLING ENVIRONMENT...3

More information

Evergreen Solar, Inc. Code of Business Conduct and Ethics

Evergreen Solar, Inc. Code of Business Conduct and Ethics Evergreen Solar, Inc. Code of Business Conduct and Ethics A MESSAGE FROM THE BOARD At Evergreen Solar, Inc. (the Company or Evergreen Solar ), we believe that conducting business ethically is critical

More information

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

CONNECTICUT RIVER WATERSHED COUNCIL, INC. DOCUMENT MANAGEMENT & WRITTEN INFORMATION SECURITY POLICY

CONNECTICUT RIVER WATERSHED COUNCIL, INC. DOCUMENT MANAGEMENT & WRITTEN INFORMATION SECURITY POLICY CONNECTICUT RIVER WATERSHED COUNCIL, INC. DOCUMENT MANAGEMENT & WRITTEN INFORMATION SECURITY POLICY The Council s document management policy is intended to cover all documents produced and held by the

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

University of St Andrews Out of Hours Protocol Appendices: A- CCTV Code of Practice B- Service Level Statement

University of St Andrews Out of Hours Protocol Appendices: A- CCTV Code of Practice B- Service Level Statement University of St Andrews Out of Hours Protocol Appendices: A- CCTV Code of Practice B- Service Level Statement 1. Context The University security service provides night and weekend cover throughout the

More information

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed

More information

ADMINISTRATIVE ASSISTANT/RECEPTIONIST

ADMINISTRATIVE ASSISTANT/RECEPTIONIST ADMINISTRATIVE ASSISTANT/RECEPTIONIST Responsible to: Grade: Hours of Work: Weeks per year: Examinations and Administration Manager L2 Monday to Friday 09.00am 17.00pm Term time only including 5 training

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

ADMINISTRATIVE MANUAL Policy and Procedure

ADMINISTRATIVE MANUAL Policy and Procedure ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,

More information

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered

More information

FINANCIAL MANAGEMENT POLICIES AND PROCEDURES

FINANCIAL MANAGEMENT POLICIES AND PROCEDURES FINANCIAL MANAGEMENT POLICIES AND PROCEDURES SAMPLE 1. GENERAL PURPOSE The purpose of these policies is to establish guidelines for developing financial goals and objectives, making financial decisions,

More information

Third Party Security Requirements Policy

Third Party Security Requirements Policy Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

Work Health & Safety Policy Document Number: WH&S 023 003 Ver 1

Work Health & Safety Policy Document Number: WH&S 023 003 Ver 1 Work Health & Safety Policy Document Number: WH&S 023 003 Ver 1 Approved by: Senior Leadership Team Page 1 of 7 POLICY OWNER: Human Resources PURPOSE: To ensure, so far as is reasonably practicable, that

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Cafcass and Independent Reviewing Officer. Protocol for Public Law Work. Independent Reviewing Officer

Cafcass and Independent Reviewing Officer. Protocol for Public Law Work. Independent Reviewing Officer Cafcass and Independent Reviewing Officer Protocol for Public Law Work The Protocol has been developed in response to the need to agree a clear understanding of the statutory roles and interface between

More information

INTRODUCTION 1 STRUCTURE AND APPROACH 1 CONTEXT AND PURPOSE 2 STATEMENT OF PURPOSE 3

INTRODUCTION 1 STRUCTURE AND APPROACH 1 CONTEXT AND PURPOSE 2 STATEMENT OF PURPOSE 3 June 2007 Table of Contents INTRODUCTION 1 STRUCTURE AND APPROACH 1 CONTEXT AND PURPOSE 2 STATEMENT OF PURPOSE 3 3 Standard 1: Statement of purpose 3 Standard 2: Written guide to the adoption service for

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the Data Processing Agreement ) applies to Oracle s Processing of Personal

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

LOBBYING DISCLOSURE IN PENNSYLVANIA 2014 ANNUAL REPORT PENNSYLVANIA DEPARTMENT OF STATE. June 2015. Tom Wolf Governor

LOBBYING DISCLOSURE IN PENNSYLVANIA 2014 ANNUAL REPORT PENNSYLVANIA DEPARTMENT OF STATE. June 2015. Tom Wolf Governor LOBBYING DISCLOSURE IN PENNSYLVANIA 2014 ANNUAL REPORT PENNSYLVANIA DEPARTMENT OF STATE June 2015 Tom Wolf Governor Pedro A. Cortés Secretary of the Commonwealth Summary of Act 134 of 2006 This Act amends

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Montclair State University. HIPAA Security Policy

Montclair State University. HIPAA Security Policy Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

Policy on Privileged Access

Policy on Privileged Access Policy on Privileged Access Reference: CNS-P-GEN-PRIV-ACCESS Revision: D Supersedes: Purpose: Source: System Administrator Best Practice Guideline The purpose of this policy is to prevent inappropriate

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

Document Title: System Administrator Policy

Document Title: System Administrator Policy Document Title: System REVISION HISTORY Effective Date:15-Nov-2015 Page 1 of 5 Revision No. Revision Date Author Description of Changes 01 15-Oct-2015 Terry Butcher Populate into Standard Template Updated

More information

Officers Code of Conduct

Officers Code of Conduct Officers Code of Conduct Effective from: 17 th September 2014 Approved by Council on 17 th September 2014 1. INTRODUCTION 1.1 The Council believes that its activities demand the highest standards of confidence

More information

SAMPLE NPO Fiscal Policies & Procedures

SAMPLE NPO Fiscal Policies & Procedures SAMPLE NPO NOTE: The most important part of developing policies and procedures is that they are discussed and agreed upon within the organization. This template is designed to be used in conjunction with

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

Data Protection and Data security Policy

Data Protection and Data security Policy Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us

More information

PBGC Information Security Policy

PBGC Information Security Policy PBGC Information Security Policy 1. Purpose. The Pension Benefit Guaranty Corporation (PBGC) Information Security Policy (ISP) defines the security and protection of PBGC information resources. 2. Reference.

More information

REQUEST FOR QUOTE Department of Children and Families Office of Child Welfare National Youth in Transition Database Survey Tool January 27, 2014

REQUEST FOR QUOTE Department of Children and Families Office of Child Welfare National Youth in Transition Database Survey Tool January 27, 2014 REQUEST FOR QUOTE SUBJECT: Request for Quotes, State Term Contract #973-561-10-1, Information Technology Consulting Services TITLE: National Youth in Transition Database (NYTD) Survey Tool Proposal Software

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

THE USE OF PHYSICAL FORCE AND OF FIREARMS BY ICC SECURITY OFFICERS. Section 1. Purpose of this Administrative Instruction

THE USE OF PHYSICAL FORCE AND OF FIREARMS BY ICC SECURITY OFFICERS. Section 1. Purpose of this Administrative Instruction Cour Pénale Internationale International Criminal Court Administrative Instruction ICC/AI/2004/003 Date: 20 April 2004 THE USE OF PHYSICAL FORCE AND OF FIREARMS BY ICC SECURITY OFFICERS Section 1 Purpose

More information

PURCHASING CARD POLICY AND PROCEDURES

PURCHASING CARD POLICY AND PROCEDURES PURCHASING CARD POLICY AND PROCEDURES 1. PURPOSE To establish policies and procedures for procuring goods and/or services using a Purchasing Card. Purchasing Cards are referred to throughout this policy

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval

More information

Network Service Policy

Network Service Policy Network Service Policy TABLE OF CONTENTS PURPOSE... 3 SCOPE... 3 AUDIENCE... 3 COMPLIANCE & ENFORCEMENT... 3 POLICY STATEMENTS... 4 1. General... 4 2. Administrative Standards... 4 3. Network Use... 5

More information

CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT)

CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT) CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT) PURPOSE: The purpose of this procedure is to establish the roles, responsibilities, and communication procedures for the Computer Security Incident

More information

University of Northern Colorado. Data Security Policy for Research Projects

University of Northern Colorado. Data Security Policy for Research Projects University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...

More information

SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014

SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014 SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014 This Notice sets forth the principles followed by United Technologies Corporation and its operating companies, subsidiaries, divisions

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

University of Birmingham. Closed Circuit Television (CCTV) Code of Practice

University of Birmingham. Closed Circuit Television (CCTV) Code of Practice University of Birmingham Closed Circuit Television (CCTV) Code of Practice University of Birmingham uses closed circuit television (CCTV) images to provide a safe and secure environment for students, staff

More information

MEDICAL TRAINEE DATA FORM (This information is required for all medical students)

MEDICAL TRAINEE DATA FORM (This information is required for all medical students) ALEXANDRA MARINE AND GENERAL HOSPITAL 120 Napier Street, GODERICH, ON N7A 1W5 (519) 524-8689 ext. 5712 Fax: (519) 524-5579 Email: amgh.administration@amgh.ca MEDICAL TRAINEE DATA FORM (This information

More information

Data Centre & Facilities Access Procedures

Data Centre & Facilities Access Procedures University of Manitoba - Information Services & Technology Data Centre & Facilities Access Procedures Effective Date: Review Date: Approving Body: Applies to: March 1, 2012 March 1, 2017 Mike Langedock,

More information

Information Technology Services Guidelines

Information Technology Services Guidelines Page 1 of 10 Table of Contents 1. Purpose... 2 2. Entities Affected by This Guideline... 2 3. Definitions... 2 4. Guidelines... 3 4.1 Requesting Data Center or... 3 4.2 Requirements for Data Center or...

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

More information

KEY, SWIPE CARD AND ELECTRONIC FOB POLICY

KEY, SWIPE CARD AND ELECTRONIC FOB POLICY KEY, SWIPE CARD AND ELECTRONIC FOB POLICY DOCUMENT CONTROL Version: 3 Ratified by: Risk Management Group Date Ratified: 30 th April 2014 Name of originator / author: Head of Health, Safety & Security Name

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

SOCIETY FOR FOODSERVICE MANAGEMENT FOUNDATION. (a Delaware nonprofit, non-stock corporation) Bylaws ARTICLE I NAME AND PURPOSE

SOCIETY FOR FOODSERVICE MANAGEMENT FOUNDATION. (a Delaware nonprofit, non-stock corporation) Bylaws ARTICLE I NAME AND PURPOSE SOCIETY FOR FOODSERVICE MANAGEMENT FOUNDATION (a Delaware nonprofit, non-stock corporation) Bylaws ARTICLE I NAME AND PURPOSE Section 1.1. Name. The name of the Corporation is Society for Foodservice Management

More information

INFORMATION TECHNOLOGY POLICY

INFORMATION TECHNOLOGY POLICY COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of Policy: Physical and Environmental Security Policy Domain: Security Date Issued: 06/09/11 Date Revised: 10/11/13

More information

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012 UNIVERSITY COLLEGE LONDON CCTV POLICY Endorsed by the Security Working Group - 17 October 2012 Endorsed by the Infrastructure IT Services Strategy Group - 18 October 2012 Reviewed and endorsed (with one

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

Share Trading Policy. SkyFii Limited ACN 009 264 699 (Company)

Share Trading Policy. SkyFii Limited ACN 009 264 699 (Company) Share Trading Policy SkyFii Limited ACN 009 264 699 (Company) Table of contents 1 Purpose... 1 1.1 Scope... 1 1.2 Who does this policy apply to?... 1 1.3 Further advice... 1 2 Insider trading prohibitions

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Physical Security Policy Template

Physical Security Policy Template Physical Security Policy Template The Free iq Physical Security Policy Generic Template has been designed as a preformatted framework to enable your Practice to produce a Policy that is specific to your

More information

Voluntary Licensing Scheme for Athletes and Coaches Agent

Voluntary Licensing Scheme for Athletes and Coaches Agent Voluntary Licensing Scheme for Athletes and Coaches Agent Code of Practice (February 2010) 1 Code of Practice...1 Preamble...3 Child Safeguarding...3 Responsibility...4 Respect for All...4 Working Practice...4

More information