Airport Access Control Pilot Project. Privacy Impact Assessment. June 18, Contact Point:
|
|
- Walter Roberts
- 8 years ago
- Views:
Transcription
1 Airprt Access Cntrl Pilt Prject Privacy Impact Assessment June 18, 2004 Cntact Pint: Lisa S. Dean Privacy Officer Transprtatin Security Administratin Reviewing Official: Nuala O Cnnr Kelly Chief Privacy Officer U.S. Department f Hmeland Security
2 Airprt Access Cntrl Pilt Prject Privacy Impact Assessment I. Intrductin On Nvember 18, 2001 Cngress passed the Aviatin and Transprtatin Security Act (PL ). The statute directed the newly-frmed Transprtatin Security Administratin (TSA) t establish pilt prgrams in n fewer than 20 airprts t test and evaluate new and emerging technlgies fr prviding access cntrl and ther security prtectins fr clsed r secure areas f the airprts. Such technlgy may include bimetric r ther technlgy that ensures nly authrized access t secure areas. (See PL Sectin 106(d)(3) cdified at 49 U.S.C (c)(3)). The purpse f TSA s Airprt Access Cntrl Pilt Prgram (AACPP) is t implement pilt prjects at airprts t evaluate and demnstrate applicatins f new and emerging technlgies that enhance the perfrmance f access cntrl systems. Access cntrls are used t ensure that unauthrized persns cannt gain access t sensitive areas in airprts r gain access t air carg stred in sensitive areas in air transprtatin facilities (e.g: warehuses, hangers, and ther buildings that are usually at an airprt). Since the fcus f the prject is n the testing f technlgies with the vluntary cllectin f a limited amunt f persnal data being an incidental cmpnent needed t cnduct the testing, the impact t persnal privacy will be minimal. Hwever, in the interest f transparency t the public, TSA decided t cnduct this Privacy Impact Assessment (PIA) pursuant t the E-Gvernment Act f 2002, P.L , and the accmpanying guidelines issued by the Office f Management and Budget (OMB) n September 26, This PIA is based n the current design f the prgram and the Privacy Act system f recrds ntice, Transprtatin Security Technlgy Testing System (DHS/TSA 016), that was published in the Federal Register n July 1, This PIA prvides further details abut the cllectin f persnally identifiable infrmatin fr the purpse f evaluating and demnstrating applicatins f new and emerging technlgies. The AACPP received prpsals frm 55 airprts that are interested in vlunteering fr the prject. Altgether, the airprts prpsed 325 different technlgy vendrs wh market variatins f certain technlgies. Of the different technlgies prpsed, the AACPP gruped them int 5 general categries: Bimetric devices (including fingerprint recgnitin, vice r wrd recgnitin, iris scans, hand gemetry recgnitin), intrusin surveillance and tracking (including Radi Frequency ID tags and intelligent vide systems), dr cntrls (including access cntrl card readers), anti-tailgating (preventing persns frm sneaking in behind authrized peple by using intelligent vide, and ptical license plate readers t detect autmbiles) and ther, which cnsisted f interesting but difficult t categrize ideas. During the perid f the pilt prject, TSA will chse which technlgies it wuld like t assess fr access cntrl purpses, and the AACPP will set up the access pint and demnstrate the effectiveness f the chsen technlgies. The demnstratin will rely n the participatin f vlunteers wh wrk at the airprt and will use the access technlgy being tested. The prgram will mnitr the experience f these vlunteers and will utilize surveys t request feedback n the technlgy. Limited persnal infrmatin abut the vlunteers will be cllected and used during this pilt; hwever, nne f this infrmatin will be cllected r used t make determinatins that will affect individual rights. The prgram will als nt have an impact n anyne wh des nt vlunteer t participate. The end result f the prject will be a reprt t TSA that will describe all f the technlgies that were tested in at least 20 airprts. The reprt will serve a threefld purpse:
3 Fr TSA, the AACPP reprt will cntain a bdy f field-prven knwledge t assist in develping perfrmance standards and in determining what kinds f access cntrl technlgy are acceptable fr use in sensitive areas in airprts r ther air transprtatin facilities. Aviatin security slutins need t vary in rder t accmmdate the needs f a large number f airprts f varius sizes and vulnerabilities. The bdy f field-prven knwledge that results frm this prject will enable TSA t apprve security systems and designs that can be tailred t individual airprt needs. Fr stakehlders (airprts in particular), the AACPP reprt will facilitate the deplyment f advanced access cntrl technlgy. The results f this prject will enable stakehlders t cnfidently design security slutins tailred t their individual needs and budgets, drawing upn the field-prven technlgy that was demnstrated under this prject. This flexibility in meeting regulatry security standards is a high pririty fr stakehlders. Fr manufacturers f emerging technlgies, prtins f the AACPP reprt can be used as a guide fr tailring advanced access cntrl technlgies t meet the demands f the airprt envirnment. II. System Overview What infrmatin will be cllected and used fr this pilt prject? The infrmatin t be used and cllected under this prject cnsists f: full name, year f birth, gender, ethnic backgrund, primary language, emplyer, and airprt identificatin badge number f a select grup f vlunteer participants (airprt r air carrier emplyees and cntractrs, airprt users, and federal wrkers) wh have access t secure areas f an airprt (and in tw cases, access t air carg stred in secure areas f air carg strage facilities). Additinally, at sites that are testing bimetric devices, a bimetric identifier will be cllected frm participants in the prgram. In rder fr AACPP t analyze the perfrmance f the devices at access pints leading int secure areas f an airprt, the participants will use the device whenever they attempt t enter these areas. The AACPP will then review hw well the device wrks and hw well the participants adjusted t the device. In cnducting such a review, the AACPP may have reasn t cntact the participant fr infrmatin. As a result, the AACPP needs t have a methd f identifying wh the participants are. Nrmally, this will be dne thrugh the participant s airprt identificatin badge number, which will be recrded every time a participant uses the device. The AACPP may need t cntact the participant fr a number f reasns, including the fllwing: If, during the pilt, the technical data cllected indicates t the AACPP that a participant has experienced unique difficulties while interacting with a device, the AACPP can use the participant s identifying infrmatin in rder t cntact the participant t get mre specific infrmatin abut the difficulties that were experienced. Fr example, in a prject demnstrating the effectiveness f a fingerprint reader, participants will enrll in the prject by submitting a fingerprint sample t the system. If technical data later indicates that ne participant cntinues t experience a bad read by the fingerprint reader, the AACPP can extract the participant s badge number frm the raw data cllected and ask the airprt t use the badge number t identify the participant. AACPP can then cntact the participant t determine why the fingerprint reader is having truble recgnizing that participant s fingerprint sample (the participant s fingerprint sample may have been enrlled imprperly). In all cases, submissin f identifying data t the AACPP is vluntary, and anyne wh has been invited t be a participant in the pilt prject is free t decline.
4 Midway thrugh the prject, the AACPP may want t interview sme participants t determine their perceptins f the prject. While perceptins d nt indicate hw well a device actually wrks, they can shed light n the acceptability f a device by the persns using it. In sme cases, if the participants have t fllw a few extra steps befre gaining access t a secure area, but they feel that the added steps are wrth the effrt t keep the area safe, a particular device may be easier t intrduce at an airprt fr widespread use. Sme technlgies d nt effectively identify peple with certain physical characteristics. It is well dcumented, fr instance, that certain fingerprint technlgies d nt effectively recgnize the fingerprints f certain ethnic grups. If a pilt device indicates an unusually high number f bad reads fr ne participant, the AACPP may want t lk at the participant s vluntarily-submitted demgraphic infrmatin t determine whether he r she falls int a knwn categry f persns fr which that particular technlgy isn t best suited. This is als seen in wrd recgnitin technlgy being used by persns wh speak English as a secnd language. Use f this persnal infrmatin will help AACPP determine whether the device being demnstrated is malfunctining, r whether it is nt perfrming well because f utside influences such as ethnic backgrund r language barriers. In all instances when persnal infrmatin is used, the AACPP is using the infrmatin t determine hw well a device is functining as well as the prs and cns f deplying a device in a lcatin that must accmmdate a large number f persns. The AACPP s interest, then, is t determine the ultimate peratinal suitability f a technlgy fr use by many peple; ther than determining hw well a device wrks, r whether a device is malfunctining r simply reacting t a demgraphic anmaly, AACPP has n ther interest in persnal infrmatin f participants, and will nt use it fr any ther purpse. Why is the infrmatin being cllected and hw are participants affected? The infrmatin is being cllected in rder t evaluate the perfrmance f the access cntrl systems being demnstrated at each site. Participants are nt affected persnally, except that they may be cntacted by AACPP and asked their pinins abut the device being demnstrated and whether they find it easy t use. What infrmatin technlgy system(s) will be used fr this prgram and hw will they be integrated? The AACPP will deply Data Observatin Cllectin Kits (DOCKs) at all airprt sites where technlgies are being demnstrated. These kits receive highly technical peratinal data (raw data, such as mean-time between failures, temperature, and the date and time a device was used) frm an integratin panel cnnected t the devices being demnstrated. The DOCKs at every lcatin recrd the raw data received and transmit it t a central data repsitry lcated at the AACPP headquarters in Restn, Virginia. AACPP persnnel then review the raw data t determine hw well the devices are wrking. The system als recrds such things as whether a device wuld have permitted access t a participant if it were actually deplyed by an airprt as part f its security system, and hw lng it tk fr the transactin t take place. Malfunctins f any devices will als be recrded and analyzed. Neither the DOCKs nr the Central Repsitry are integrated int any ther infrmatin system. N infrmatin frm the DOCKs r frm the Central Repsitry can be btained frm any utside system. Only AACPP persnnel with a need t knw will have access t the infrmatin recrded by the DOCKs r stred in the Central Repsitry
5 What ntice r pprtunities fr cnsent are prvided t individuals regarding what infrmatin is cllected, and hw that infrmatin is shared? In its Privacy Act System f Recrds Ntice, Transprtatin Security Technlgy Testing System (DHS/TSA 016), TSA prvided ntice that it will cllect persnally-identifying infrmatin. relating t the Transprtatin Security Technlgy Testing System. This PIA prvides additinal ntice abut the prgram. TSA intends t prvide further ntices t individuals at the time the infrmatin is cllected. Individuals participatin in the AACPP prgram is entirely vluntary. Des this prgram create a new system f recrds under the Privacy Act? Yes. This prgram is cvered under a Privacy Act system f recrds that is being established cncurrent with this ntice, called the Transprtatin Security Technlgy Testing System, r DHS/TSA 016. With whm will the cllected infrmatin be shared? The cllectin, maintenance, and disclsure f infrmatin will be in cmpliance with the Privacy Act and the published system f recrds ntice. TSA s cntractr is likewise bliged t cmply with the Privacy Act pursuant t 5 U.S.C. 552a(m). Hw will the infrmatin be secured against unauthrized use? (What technlgical mechanism will be used t ensure security against hackers r malicius intent?) TSA will secure persnal infrmatin against unauthrized use thrugh the use f a layered security apprach invlving prcedural and infrmatin security safeguards. The data will be encrypted using Natinal Institute f Science and Technlgy (NIST) and Federal Infrmatin Security Management Act (FISMA) standards and industry best practices when being transferred between secure wrkstatins. When transferring infrmatin between the end user s brwser and the web, TSA will use Secure Scket Layer (SSL) 128-bit encrypted sessins fr data integrity and privacy. Once user data has been btained at the web server, it will be transferred t a TSA database server ver an encrypted sessin. Specific privacy safeguards can be categrized by the fllwing means, which are described in greater detail elsewhere in this dcument: Technical limitatins n, and tracking f, data access and use; Use f secure telecmmunicatins techniques; and Limitatin f physical access t system databases and wrkstatins. This apprach prtects the infrmatin in accrdance with the fllwing requirements: The Privacy Act f 1974, as amended (5 USC 552a), which affrds individuals the right t privacy in recrds that are maintained and used by Federal agencies. Federal Infrmatin Security Management Act f 2002, (Public Law ), which establishes minimum security practices fr Federal security systems.
6 Will the infrmatin be retained and if s, fr what perid f time? TSA prpses t maintain the raw data and accmpanying recrds generated by the AACPP fr 10 years, pending apprval by the Natinal Archives and Recrds Administratin (NARA). The recrds being retained, hwever, will nt cntain any persnal identifiers f the participants. AACPP will remve and destry persnal identifiers frm the data at the end f the prject. Will the infrmatin cllected be used fr any ther purpse ther than the ne intended? Infrmatin cllected will nly be used fr the purpse f evaluating the technlgy being tested at each site under the AACPP pilt prgram. Hw will the pilt participants be able t seek redress? Fr purpses f this pilt, TSA will nt make any determinatins that affect individual rights fr which redress is required; additinally, all participants are vlunteers. Prcedures fr Privacy Act requests fr access t infrmatin in the system are as fllws: T determine if this system cntains a recrd relating t yu, write t the system manager at the fllwing address: Directr f the Security Technlgy Office, TSA Headquarters, TSA-16, 601 S. 12 th Street, Arlingtn, VA Please prvide yur full name, current address, date f birth, place f birth, and a descriptin f infrmatin that yu seek, including the time frame during which the recrd(s) may have been generated. Yu may als prvide yur Scial Security Number r ther unique identifier(s) but yu are nt required t d s. Individuals requesting access must cmply with the Department f Hmeland Security s Privacy Act regulatins n verificatin f identity (6 CFR 5.21(d)). What databases will the names be run against? DHS will nt run the names f pilt participants against any database. What is the step by step prcess thrugh which the systems will wrk nce the data has been input and what is the prcess fr generating a respnse? AACPP will input the participant infrmatin (an airprt badge number, alng with a bimetric identifier in places where a bimetric device is being demnstrated) int the system being demnstrated at each site. Fr a perid f 90 days per site, the participant will present his r her bimetric identifier (a fingerprint, fr instance) t a reader, and then fllw regular airprt prcedures in rder t gain access t a secure area. Because the devices in this prgram are being demnstrated, they are nt cnnected t an airprt s actual access cntrl system. In this way, if the device cannt read a fingerprint, r an iris scan, r whatever bimetric identifier is needed fr the demnstratin, a participant will nt be prevented frm entering an area if he r she therwise is granted access by the airprt s system. In mst cases where a device cannt read a bimetric identifier, the device will prmpt the participant t try again. Even if the device cannt identify the participant, the participant ultimately will be given a signal (usually a green light r an audible tne) indicating that the participant may prceed int a secure area after fllwing the airprt s standard access prcedures. AACPP has an interest in the number f times a device fails t read a bimetric identifier as well as the number f times it recgnizes them. Therefre, all f the attempts t use the device are recrded by the DOCK and sent t the Central Repsitry. AACPP will review the raw data t
7 evaluate the perfrmance f the device. Participants can expect t be cntacted by AACPP during the 90-day perid f the demnstratin and asked their pinins f the device being demnstrated. At the end f the pilt perid, any leftver equipment (nt clear what this refers t), the AACPP reprt, and assciated raw data (with persnal identifiers remved) will be prvided t TSA. What technical safeguards are in place t secure the data? DHS emplys the fllwing technical safeguards t secure data: Use f advanced encryptin technlgy t prevent internal and external tampering f the raw data. Secure data transmissin including the use f passwrd-prtected fr sending files between the AACPP cntractr and TSA headquarters. Passwrd prtectin fr files cntaining persnal r sensitive security infrmatin t prevent unauthrized internal and external access. Netwrk firewalls t prevent intrusin int DHS netwrk and AACPP databases. User identificatin and passwrd authenticatin t prevent access t sensitive security infrmatin by unauthrized users. Will the staff wrking with the data have apprpriate training and security clearances t handle the sensitivity f the infrmatin? All DHS and assigned cntractr staff receive DHS-mandated privacy training n the use and disclsure f persnal data. Additinally, training has been cnducted that relates t the handling f persnal data and sensitive security infrmatin. FOR QUESTIONS OR COMMENTS, PLEASE CONTACT: Lisa S. Dean, Privacy Officer, Transprtatin Security Administratin, Nuala O'Cnnr Kelly, Chief Privacy Officer, Department f Hmeland Security,
Registered Traveler Pilot. Privacy Impact Assessment. June 24, 2004. Contact Point:
Registered Traveler Pilt Privacy Impact Assessment June 24, 2004 Cntact Pint: Lisa S. Dean Privacy Officer Transprtatin Security Administratin 571.227.3947 Reviewing Official: Nuala O Cnnr Kelly Chief
More informationGUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More informationHIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337
HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders
More informationHow To Ensure Your Health Care Is Safe
Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t
More informationHampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices
This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse
More informationHIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.
HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationDisplayNote Technologies Limited Data Protection Policy July 2014
DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f
More informationCOPIES-F.Y.I., INC. Policies and Procedures Data Security Policy
COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus
More informationPlus500CY Ltd. Statement on Privacy and Cookie Policy
Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and
More informationProject Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES
Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care
More informationWHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy
WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationPersonal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationPrivacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.
Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive
More informationData Protection Policy & Procedure
Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015
More informationFORM ADV (Paper Version) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT FORM BY EXEMPT REPORTING ADVISERS
APPENDIX A FORM ADV (Paper Versin) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT FORM BY EXEMPT REPORTING ADVISERS Frm ADV: General Instructins Read these instructins carefully befre
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationRequest for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply
Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t
More informationTexas Woman's University University Policy Manual
Texas Wman's University University Plicy Manual Plicy Name: Plicy Number: 6.06 Date Passed: July 2004 Health Insurance Prtability& Accuntability Act (HIPAA) Date Reviewed: September 2008 Next Review: September
More informationFIREFIGHTER HEART AND CIRCULATORY MALFUNCTION BENEFITS PROGRAM STANDARD OPERATING GUIDELINES Approved by the DOLA Executive Director July 1, 2014
FIREFIGHTER HEART AND CIRCULATORY MALFUNCTION BENEFITS PROGRAM STANDARD OPERATING GUIDELINES Apprved by the DOLA Executive Directr July 1, 2014 Prgram Overview: As f July 1, 2014, the Department f Lcal
More informationGUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN
Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm
More informationMSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER
MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend
More informationPOLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014
State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)
More informationFAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT
FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationFrequently Asked Questions About I-9 Compliance
Frequently Asked Questins Abut I-9 Cmpliance What is required t verify wrk authrizatin? The basic requirement t verify wrk authrizatin is the Frm I-9. This frm is available n the HR website: http://www.fit.edu/hr/dcuments/frms/i-9.pdf
More informationCMS Eligibility Requirements Checklist for MSSP ACO Participation
ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.
More informationNYU Langone Medical Center NYU Hospitals Center NYU School of Medicine
Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff
More informationDirectives to LHINs in respect of Reporting Requirements under the BPSAA. Issued By Minister of Health and Long-Term Care
Directives t LHINs in respect f Reprting Requirements under the BPSAA Issued By Minister f Health and Lng-Term Care Effective April 1, 2011 Table f Cntents 1. BACKGROUND... 2 2. REPORT ON THE USE OF CONSULTANTS...
More informationEmployees - recruitment, records and monitoring
Emplyees - recruitment, recrds and mnitring This guidance has been prduced t help rganisatins cmply with the Data Prtectin Act (DPA) when recruiting and emplying wrkers. It is relevant t public sectr emplyers,
More informationRecognition of Prior Learning (RPL) TAE40110 Certificate IV in Training and Assessment
Recgnitin f Prir Learning (RPL) TAE40110 Certificate IV in Training and Assessment What is RPL? RPL recgnises that yu may already have the skills and knwledge needed t meet natinal cmpetency standards.
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationFINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.
FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept
More informationHealth and Safety Training and Supervision
Intrductin: Health and Safety Training and Supervisin University f Nttingham is cmmitted t maintaining and develping standards f excellence in all aspects f its business. T that end, the University aspires
More informationIn addition to assisting with the disaster planning process, it is hoped this document will also::
First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business
More informationAccessibility Compliance Management System (ACMS)
fr the Accessibility Cmpliance Management System (ACMS) June 22, 2010 Cntact Pint Allen Hffman Office f Accessible Systems & Technlgy (OAST) DHS OCIO (202) 447-0303 Reviewing Official Mary Ellen Callahan
More informationPrivacy and Security Training Policy (PS.Pol.051)
Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider
More informationFAYETTEVILLE STATE UNIVERSITY
FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty
More informationSummary of Arrangements Conducted under the Medicare ACO Participation Waiver
Summary f Arrangements Cnducted under the Medicare ACO Participatin Waiver Last Updated: January 1, 2015 1. EHR Subsidy Arrangements (2013 2015). Effective August 14, 2013, the Jhn Muir Physician Netwrk
More informationA96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015
A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY
More informationTHIRD PARTY PROCUREMENT PROCEDURES
ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central
More informationCloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013
Clud-based File Sharing: Privacy and Security Tutrial Institutinal Cmpliance Office July 2013 Patient Data in the Clud Prtecting patient privacy is ne f MD Andersn s greatest respnsibilities Technlgies
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationIT Account and Access Procedure
IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1
More informationMunicipal Advisor Registration
FACT SHEET Municipal Advisr Registratin SEC Open Meeting Sept. 18, 2013 The Securities and Exchange Cmmissin tday will cnsider whether t adpt a rule that wuld establish a permanent registratin regime fr
More information2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No.
HIPAA Technical Risk Security Assessment 1. Will yu be issuing additinal directins fr the frmatting f the final prpsal due Nvember 21 st? There is nt specific frmatting requirements, just submit the prpsal
More informationSoftware and Hardware Change Management Policy for CDes Computer Labs
Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces
More informationData Warehouse Scope Recommendations
Rensselaer Data Warehuse Prject http://www.rpi.edu/datawarehuse Financial Analysis Scpe and Data Audits This dcument describes the scpe f the Financial Analysis data mart scheduled fr delivery in July
More informationElectronic and Information Resources Accessibility Compliance Plan
Electrnic and Infrmatin Resurces Accessibility Cmpliance Plan Intrductin The University f Nrth Texas at Dallas (UNTD) is cmmitted t prviding a wrk envirnment that affrds equal access and pprtunity t therwise
More informationChange Management Process
Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses
More informationMulti-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021
Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada
More informationGOVERNORS PHARMACY HIPAA NOTICE OF PRIVACY PRACTICES For Your Protected Health Information
GOVERNORS PHARMACY HIPAA NOTICE OF PRIVACY PRACTICES Fr Yur Prtected Health Infrmatin THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
More informationPROTIVITI FLASH REPORT
PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI
More informationREQUEST FOR PROPOSAL SECURITY SERVICES
REQUEST FOR PROPOSAL SECURITY SERVICES Sectin I INTRODUCTION [Cmpany] is seeking prpsals frm qualified Cntractrs t prvide unifrmed security service fr [Cmpany] facilities at [Lcatin(s)]. This dcument is
More informationGrant Application Writing Tips and Tricks
Grant Applicatin Writing Tips and Tricks Grants are prvided by gvernment (lcal, state and natinal), charitable trusts, and by cmmunity rganisatins (eg Ltteries, Rtary, etc). Each grant has a specific purpse,
More informationBLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS
BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin
More informationSymantec User Authentication Service Level Agreement
Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed
More informationPrivacy Plicy Welcme, Sensati & JHI
Privacy Plicy Welcme t www.framesdata.cm! This site (the Frames Data Online Site ) is wned by Frames Data Inc. ("FDI" r we ), a subsidiary f Jbsn Medical Infrmatin LLC ("JMI") and its parent, Jbsn Healthcare
More informationAustralian Institute of Psychology. Human Research Ethics Committee. Terms of Reference
Australian Institute f Psychlgy Human Research Ethics Cmmittee Terms f Reference What is research? Accrding t the Natinal Statement research... is widely understd t include at least investigatin undertaken
More informationWire Transfer Request
Wire Transfer Request Requirements and Instructins OFFICE OF DISBURSEMENTS Categry: Dcument Name: Payment Prcessing Wire Transfer Request - Requirements and Instructins Respnsible Department: Office f
More informationCCPRF. Request for Proposals. Monitoring Services. November 25, 2009
CCPRF Request fr Prpsals Mnitring Services Nvember 25, 2009 Table f Cntents SECTION I... 1 1.1 INTRODUCTION AND OPPORTUNITY... 1 1.2 OBJECTIVES OF RFP... 1 1.3 STATEMENT OF WORK... 1 SECTION II... 2 2.1
More information10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review
10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic
More informationPublic consultation paper
Public cnsultatin paper Nvember 2012 Public cnsultatin n guidelines fr prfessinal indemnity insurance arrangements fr nurses and nurse practitiners. Please prvide feedback by email t: nmbafeedback@ahpra.gv.au
More informationKnowledge Base Article
Knwledge Base Article Crystal Matrix Interface Cmparisn TCP/IP vs. SDK Cpyright 2008-2012, ISONAS Security Systems All rights reserved Table f Cntents 1: INTRODUCTION... 3 1.1: TCP/IP INTERFACE OVERVIEW:...
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationProcedures for Payments Made to or on Behalf of International Students, Visitors and Vendors
Prcedures fr Payments Made t r n Behalf f Internatinal Students, Visitrs and Vendrs General Infrmatin All payments made t r n behalf f an internatinal visitr, student r vendr have ptential tax cnsideratins
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationCOMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE
COMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE COMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE Mst dealers are familiar with the requirements f the Gramm-Leach-Bliley Act
More informationApril 29, 2013 INTRODUCTION ORGANIZATIONAL OVERVIEW PROJECT OVERVIEW
April 29, 2013 INTRODUCTION The Mid-Atlantic Reginal Air Management Assciatin, Inc (MARAMA) is seeking t engage a cntractr t assist in updating f MARAMA s current website sftware and mve the website t
More informationIMT Standards. Standard number A000014. GoA IMT Standards. Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical
IMT Standards IMT Standards Oversight Cmmittee Gvernment f Alberta Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical Standard number A000014 Electrnic Signature Metadata
More informationVirtual Meetings and Virtual Teams Using Technology to Work Smarter
http://www.psu.edu/president/pia/innvatin/ INNOVATION INSIGHT SERIES NUMBER 9 Virtual Meetings and Virtual Teams Using Technlgy t Wrk Smarter Yu need t have a meeting. Sme f the peple yu d like t include
More informationWhite Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc. www.patrol-it.com
White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm 2
More informationHillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network
2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal
More informationHEALTH INFORMATION EXCHANGE GRANTS CRITERIA
1 HEALTH INFORMATION EXCHANGE GRANTS CRITERIA INTRODUCTION On August, 20 th, the federal Office f the Natinal Crdinatr fr Health Infrmatin Technlgy (ONC) released an pprtunity fr states t apply fr between
More informationHouston Controls, Inc Safety Management System
Hustn Cntrls, Inc Dc N: Revisin Date: 3/16/2011 Revisin N. 1 Next Revisin Date: 3/16/2012 Preparatin: Safety Mgr Authrity: Dennis Jhnstn Issuing Dept: Safety Page: Page 1 f 11 Purpse The purpse f this
More informationInvestigative Management Program and Case Tracking System (IMPACT)
Privacy Impact Assessment fr the Investigative Management Prgram and Case Tracking System (IMPACT) February 4, 2008 Cntact Pint Office f Infrmatin Systems Drug Enfrcement Administratin 202-307-1000 Reviewing
More informationProcess for Responding to Privacy Breaches
Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident
More informationSuccession Planning & Leadership Development: Your Utility s Bridge to the Future
Successin Planning & Leadership Develpment: Yur Utility s Bridge t the Future Richard L. Gerstberger, P.E. TAP Resurce Develpment Grup, Inc. 4625 West 32 nd Ave Denver, CO 80212 ABSTRACT A few years ag,
More informationedoc Lite Recruitment Guidelines
edc Lite Recruitment Guidelines Intrductin OneStart & the Academic Psitin Search Channel edc Lite Ruting and Wrkgrups Ruting Actin List Ruting Cntrls Wrkgrups Dcument Search edc Lite Dcuments Vacancy Ntice
More informationProcess of Setting up a New Merchant Account
Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am
More informationInformation Security Policy
Purpse The risk t Charlestn Suthern University, its emplyees and students frm data lss and identity theft is f significant cncern t the University and can be reduced nly thrugh the cmbined effrts f every
More informationTITLE: RECORDS AND INFORMATION MANAGEMENT POLICY
TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY REFERENCE NUMBER: 14/103368 RESPONSIBLE DEPARTMENT: Crprate Services APPLICABLE LEGISLATION: State Recrds Act 1997 Lcal Gvernment Act 1999 Crpratins Act
More informationThe Ohio Board of Regents Credit When It s Due process identifies students who
Credit When It s Due/ Reverse Transfer FAQ fr students Ohi is participating in a natinal grant initiative, Credit When It s Due, designed t implement reverse-transfer, which is a prcess t award assciate
More informationAmerican Recovery and Reinvestment Act Reporting Policy
American Recvery and Reinvestment Act Reprting Plicy Updated May 2010 1 I. Backgrund On February 17, 2009, President Barack Obama signed the American Recvery and Reinvestment Act f 2009 (ARRA) int law.
More informationMigrationWiz HIPAA Compliant Migration. Focus on data migration, not regulation. BitTitan Global Headquarters: 3933 Lake Washington Blvd NE Suite 200
MigratinWiz HIPAA Cmpliant Migratin Fcus n data migratin, nt regulatin. BitTitan Glbal Headquarters: 3933 Lake Washingtn Blvd NE Suite 200 Table f Cntents Kirkland, WA 98033 www.bittitan.cm sales@bittitan.cm
More informationHeythrop College Disciplinary Procedure for Support Staff
Heythrp Cllege Disciplinary Prcedure fr Supprt Staff Intrductin 1. This prcedural dcument des nt apply t thse academic-related staff wh are mentined in the Cllege s Ordinance, namely the Librarian and
More informationAppendix A Page 1 of 5 DATABASE TECHNICAL REQUIREMENTS AND PRICING INFORMATION. Welcome Baby and Select Home Visitation Programs Database
Appendix A Page 1 f 5 The items in the list f database technical requirements belw was develped thrugh several meetings between First 5 LA Research and Evaluatin, Infrmatin Technlgy, and Prgram Develpment
More informationNERC-CIP Cyber Security Standards Compliance Documentation
Cmpliance Dcumentatin Briv OnAir 8/3/20154 Page 2 Overview This dcument is intended t be the primary surce f infrmatin fr Briv s cmpliance with the Nrth America Electric Reliability Crpratin (NERC) reliability
More informationAccessible Service Policy
Accessible Service Plicy Date Created Revisin Oct. 16, 2012 1 Gal This plicy is intended t meet the requirements f the Accessibility Standards fr Custmer Service, Ontari Regulatin 429/07 under the Accessibility
More informationCSAT Account Management
CSAT Accunt Management User Guide March 2011 Versin 2.1 U.S. Department f Hmeland Security 1 CSAT Accunt Management User Guide Table f Cntents 1. Overview... 1 1.1 CSAT User Rles... 1 1.2 When t Update
More informationSPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010
OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity
More informationResearch Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012
Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.
More informationBond Authorization Requested
District r Charter Schl Cntact Persn: Address 1: Address 2: City: Zip Cde: Telephne: Email Address: Bnd Authrizatin Requested The maximum bnd authrizatin that may be requested per district r charter schl
More informationAccess EEC s Web Applications... 2 View Messages from EEC... 3 Sign In as a Returning User... 3
EEC Single Sign In (SSI) Applicatin The EEC Single Sign In (SSI) Single Sign In (SSI) is the secure, nline applicatin that cntrls access t all f the Department f Early Educatin and Care (EEC) web applicatins.
More information