Table of Contents. Miami University Page 2
|
|
- Victoria Melton
- 8 years ago
- Views:
Transcription
1 OBIEE Security Authors: Amy Goll Last Updated: 6/12/2012
2 Table of Contents Miami University s Confidential Information Policy... 4 Security within OBIEE... 5 OBIEE Security Roles... 5 Miami Security Roles... 5 Responsibilities of Roles Regarding Security Application... 6 Responsibilities of Roles Regarding Information... 7 Scenario... 8 Security Procedures How Do I In Progress... 9 Add a new Author... 9 Add a new Publisher... 9 Add a new Active Directory Group... 9 Add a user to an Active Directory Group... 9 Miami University Page 2
3 Revision History Name Date Changes Made Version Amy Goll 3/5/12 initial draft Miami University Page 3
4 Miami University s Confidential Information Policy Excerpt from MUPIM Miami University collects, stores, and distributes large amounts of information essential to the performance of University business. This information represents a valuable University asset. Although a large portion of University information is public, a portion of our information is protected by state and federal laws. To comply with these laws and protect the University community, the University has the right and obligation to protect, manage, secure, and control information (whether in hard copy or stored as electronic data) in its possession. Information protected by federal or state law may not be shared with unauthorized persons. These laws include the Federal Privacy Act which protects social security numbers, the Family Educational Rights and Privacy Act (FERPA) which protects personally identifiable student records, the Gramm-Leach-Bliley Act (GLBA) which protects consumer financial information, and the Health Insurance Portability and Accountability Act (HIPAA) which protects personal health information. All employees, faculty and staff, bear responsibility for protecting confidential information from unauthorized disclosure. This is true whether this information is stored on paper, a network computer, on a laptop, on a personal digital assistant (PDA) or other device. Information that is protected by law may only be disclosed to authorized persons. Examples of confidential information include: social security numbers disability status health and medical information student advising records student grades student disciplinary records consumer financial information Banner student identification numbers trade secrets credit and debit card numbers Social security numbers are primarily used for student financial assistance and employment tax-related matters. If unique identification of an individual is required, an identifier other than a social security number should be used. The recommended identifier is the Banner Plus number. An appropriate security plan and the written consent of the Information Security Officer are required before any University office is permitted to collect and/or maintain social security numbers. Each faculty and staff member must assume responsibility for protecting confidential information from unauthorized exposure. This means you must: A. understand and follow Miami s Responsible Use of Computing Resources policy; B. consult the Information Security Office if you are uncertain whether certain information is confidential; C. consult the Information Security Office if you are uncertain how to safeguard confidential information; D. understand and follow the Miami University Computing Security Policy; E. protect your computer password and change it according to standards published by the Information Security Office in the IT Services Knowledge Base at F. NOT provide access to confidential information to any other person unless authorized to do so. Ohio law requires the University to take certain actions in the event of unauthorized disclosure of confidential information. You must report any suspected disclosure of confidential information to unauthorized persons to the Information Security Office (Call immediately and report that you suspect that confidential information has been disclosed). In addition to reporting the theft of any laptop, personal digital assistant or other device that contains confidential information to the appropriate law enforcement authorities, you must immediately report the loss/theft of any laptop, personal digital assistant or other device that contains confidential information to the Information Security Office. Miami University Page 4
5 Security within OBIEE Oracle Business Intelligence Enterprise Edition (OBIEE) software offers various types of security. These types include object and data level security. An object within OBIEE can be a dashboard, a report, a folder, or even a specific column of data. This type of security can allow Miami to include sensitive data in the data warehouse and allow users access to this information only if they have a specific need. Data level security offers Miami the ability to allow users to see specific data they need to see and prevent them from seeing data outside of their specified area. OBIEE Security Roles OBIEE is delivered with 3 basic roles. BIConsumer. The Consumer can only view and run existing dashboards, analysis and reports provided to them. These objects will be published in a shared area with proper security rights. Consumers typically are the broadest user base across the institution. BIAuthor. The Author can create and edit dashboards, analyses and reports. Authors will include a narrower user base than Consumers, including areas outside of the IT department BIAdministrator. The Administrator can edit and create new repositories and catalogs. They also have full control over all aspects of the OBIEE tool suite. This role is granted to only a few users within IT. Miami Security Roles Miami specific adaptation of Security BIConsumer.. The Consumer can only view and run existing dashboards, analysis and reports provided to them. These objects will be published in a shared area with proper security rights. Consumers will be the broadest user base across the university. BIAuthor. Authors will be able to create analysis and reports using any data subject areas available in the OBIEE system with the exception of information protected by law. Authors will only have the capability to save reports in their own folder area and will not be permitted to publish items to the shared areas for other users to use. Authors will be a narrower user base. BIPublisher. Miami will be creating this new role as another base role within OBIEE. The BIPublisher will have the same permissions as the BIAuthor with the added ability to publish into a shared space those dashboards, analyses and created by Authors. There will be a smaller number of Publishers than Authors. Not all Authors will be a Publisher but all Publishers will also be an Author. BIAdministrator. The number of Administrators for Miami will be limited to the database administrators. The administrator will be responsible for making code changes during the promotion process from development to test to production. Miami currently uses Active Directory and many of the groups in the Active Directory are automatically assigned or removed from users through a nightly process. There are other Active Directory groups that are specifically managed by certain users around the university. OBIEE is able to leverage all Active Directory groups both, automatically managed and user managed. Although initial setup will be the largest time consumer, being able to leverage the existing Active Directory (AD) framework will reduce the ongoing amount of time needed to oversee security within the OBIEE tool. In order to aid with future maintenance, roles will be named the same as the AD group. This maintenance strategy will identify AD changes which will impact OBIEE. Miami University Page 5
6 Responsibilities of Roles Regarding Security Application BIConsumer The BI Consumer will not hold any responsibility in creating or maintaining security. BIAuthor The BI Author will not hold any responsibility in creating or maintaining security. BIPublisher Within their area, the BI Publisher will be responsible for: Applying proper security permissions to any dashboard, analyses, or reports they publish to a shared folder. Assisting in the maintenance of the user maintained Active Directory groups. Review security structure on a semi-annual basis. This will align with the frequency of the current security review for the ERP system. BIAdministrator/IT Department The BI Administrator will be responsible for: Making code changes during the promotion process from development to test to production. Map new AD groups to application roles Create and/or amend security for the application roles The IT Department will be responsible for: Applying object level security, specifically data source and column level security, within the OBIEE Repository (RPD). Applying the proper security permissions to any dashboard, analyses, or reports published in the university wide Institutional Analytics folder. Miami University Page 6
7 Responsibilities of Roles Regarding Information BIConsumer As an end user of information made available within the OBIEE system, the Consumer are responsible for protecting the data. This includes ensuring private information is not disseminated outside the University or to persons without a necessary need for information. BIAuthor Authors are granted access to all data sources made available within the OBIEE system. With shared access to various subject areas, caution must be used to protect private information. Authors in one area who wish to use data from another area are responsible for collaborating with an Author of expertise in the other area. The collaboration should include a method of verification for the joint data. As a reminder, anything an Author creates, it is only available to that Author. BIPublisher Publishers are granted access to all data sources made available within the OBIEE system. With shared access to various subject areas, caution must be used to protect private information. If an Author requests to have an item published to a shared folder, the Publisher is responsible for collaborating with the Author to verify the data in the item to be shared (Dashboard, Analyses, or Report). This collaboration must include review of the data to be published. BIAdministrator/IT Department The IT Department will be responsible for verifying and maintain analyses, dashboards and reports published to the university wide Institutional Analytics folder. In this instance, the IT Department is acting as a Publisher and must follow the responsibilities of the Publisher role. Authors, Publishers and the IT department must understand the ramifications of any protected information being made available for general use. Another way of protecting the university s information from being erroneously exposed is by limiting how detailed information is presented. The proper procedure is to include a safeguard against the potential of a user getting to detailed information that could surface the identity of specific student(s), staff or faculty member(s). Every published item must be reviewed to verify that protected or identifying information is not revealed unless the user has a need for the information. Miami University Page 7
8 Scenario An Active Directory manager Jerry, in the Finance department, adds a user, Joe, to their Finance BI Author group. Joe is now able to create analyses and reports against all data available within OBIEE. This will include any data sources added in the future. Within each of the data sources, there may be data protected by regulations. When Joe was added to the Finance BI Author group, he may not be able to see protected data columns, such as SSN, Date of Birth, etc. Joe can only save any analysis or reports he creates in his own folder. If he has created something that should be made available to others, and there is no data used from outside his area, the BI Finance Publisher, Bill, would then have the responsibility of reviewing the analysis to verify the information is correct before promoting the analysis to a Shared Folder or Dashboard. If the analysis or reports is written using some Advancement data, Joe and Bill must review the information with the Advancement BI Publisher/Authors prior to publishing the analysis in the Shared Folder/Dashboard. Joe (and/or Bill) would then also become responsible for maintaining the analysis should changes be necessary. If Joe finds he has a need to include protected information within his analysis, then he would contact the publisher in the area of protected data ownership (ie, student DOB = Registrar area). However, Joe would have to understand if his analysis is published to a Shared Folder, and someone running the analysis does not have permissions to see the protected information, that person would not see the protected data in the report. Miami University Page 8
9 Security Procedures How Do I In Progress Add a consumer No action is required to add a consumer. If a user is an active faculty or staff member, they have access to the system. Add a new Author A request is sent to the Active Directory manager for the employee s area. Active Directory manager adds the user to the proper author group. The new user would be trained on the use of the tools, the proper use of the information they have access to, and the procedures of getting information published. Add a new Publisher A request would be sent to the Active Directory manager for the employee s area. Active Directory manager adds the user to the proper Publisher group. The new user would be trained on the use of the tools, the proper use of the information they have access to, and the procedures and responsibilities of publishing new content. Add a new Active Directory Group Add a user to an Active Directory Group Navigate and log into to the following site: Begin to type the name of the AD Group in the Edit box. It will begin to give suggestions as you type. Select the group you need to edit. Scroll to the bottom of the page. Add or remove users from this area. Miami University Page 9
10 Miami University Page 10
POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.
POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University
More informationPII Personally Identifiable Information Training and Fraud Prevention
PII Personally Identifiable Information Training and Fraud Prevention Topics What is Personally Identifiable Information (PII)? Why are we committed to protecting PII? What laws govern us? How do we comply?
More informationVirginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More informationInformation Security Policy and Handbook Overview. ITSS Information Security June 2015
Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information
More informationInformation Security Policy
Information Security Policy Introduction The purpose of the is policy is to protect Rider University information resources from accidental or intentional unauthorized access, modification, or damage and
More information1 TABLE OF CONTENTS. 10-2015 Page 1
1 TABLE OF CONTENTS 1 Prerequisites: SWIFT Access and Data Warehouse Access... 2 2 Accessing OBIEE through the SWIFT Administrative Portal... 2 2.1 Navigate to the SWIFT Administrative Portal website...
More informationHamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)
Hamilton College Administrative Information Systems Security Policy and Procedures Approved by the IT Committee (December 2004) Table of Contents Summary... 3 Overview... 4 Definition of Administrative
More informationP02.07.066. Mobile Device Security.
P02.07.066. Mobile Device Security. A. University employees and students using a laptop computer or mobile device (e.g. portable hard drives, USB flash drives, smartphones, tablets) are responsible for
More informationDonna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
More informationCollege of DuPage Information Technology. Information Security Plan
College of DuPage Information Technology Information Security Plan April, 2015 TABLE OF CONTENTS Purpose... 3 Information Security Plan (ISP) Coordinator(s)... 4 Identify and assess risks to covered data
More informationBusiness Intelligence & Reporting. Application Access Guidelines
Business Intelligence & Reporting Application Access Guidelines DOCUMENT CONTROL DOCUMENT REFERENCE File Name: UTD Business Intelligence & Reporting Application Access Guidelines VERSION CONTROL All revisions
More informationPII = Personally Identifiable Information
PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationTitle: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION
Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for
More informationHow To Protect Data At Northeast Alabama Community College
Information Systems Security Policy Northeast Alabama Community College Center for Information Assurance Northeast Alabama Community College 138 AL Hwy 35, Rainsville, AL 35986 (256) 228-6001 1 5/22/2014
More informationLANDER UNIVERSITY STUDENT INFORMATION SECURITY AND PRIVACY PROCEDURE
founded in 1872 LANDER UNIVERSITY Office of Information Technology Services LANDER UNIVERSITY STUDENT INFORMATION SECURITY AND PRIVACY PROCEDURE 2012 REVISION TABLE OF CONTENTS I. PRIVACY.....................................................
More informationPRIVACY POLICY. 3.3.1 The type of web browser and operating system you have used:
PRIVACY POLICY 1.0 Title: Privacy Policy Version Control: 1.0 Date of Implementation: 2015-03-16 2.0 Summary This document sets forth the Privacy Policy (the Policy ) that is designed to provide you with
More informationFERPA Q &A for Banner Users. November 15, 2013 Meredith Braz, Registrar and Kevin D. O Leary, Associate General Counsel
FERPA Q &A for Banner Users November 15, 2013 Meredith Braz, Registrar and Kevin D. O Leary, Associate General Counsel FERPA tutorial http://www.dartmouth.edu/~reg/guides/ferpa/ FERPA = Family Educational
More informationContact: Henry Torres, (870) 972-3033
Information & Technology Services Management & Security Principles & Procedures Executive Summary Contact: Henry Torres, (870) 972-3033 Background: The Security Task Force began a review of all procedures
More informationITS Policy Library. 11.06 - Device Encryption. Information Technologies & Services
ITS Policy Library 11.06 - Device Encryption Information Technologies & Services Responsible Executive: Chief Information Officer, WCMC Original Issued: July 15, 2008 Last Updated: November 21, 2014 POLICY
More informationOracle Business Intelligence Enterprise Edition LDAP-Security Administration. White Paper by Shivaji Sekaramantri November 2008
Oracle Business Intelligence Enterprise Edition LDAP-Security Administration White Paper by Shivaji Sekaramantri November 2008 OBIEE LDAP-Security Administration Before You Start... 3 Executive Overview...
More informationINFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES
INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES 1. INTRODUCTION If you are responsible for maintaining or using
More informationInformation Security: A Perspective for Higher Education
Information Security: A Perspective for Higher Education A By Introduction On a well-known hacker website, individuals charged students $2,100 to hack into university and college computers for the purpose
More informationNew! LACCD Student Email 2013
CONGRATULATIONS! Pierce College is now providing its students with official college email accounts. Called your Student.laccd.edu email, it works at Pierce and in any of the nine colleges in the Los Angeles
More informationCentral Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy
Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy I. PURPOSE To identify the requirements needed to comply with
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationInformation Security Policy
Information Security Policy Policy Title Responsible Executive Responsible Office Information Security Policy Vice President for Information Technology and CIO, Jay Dominick Office of Information Technology,
More informationAn Introduction on How to Better Protect Your Computer and Sensitive Data
An Introduction on How to Better Protect Your Computer and Sensitive Data Common Security Problems Computer users who fail to use strong passwords Constant attacks by viruses, worms, key loggers and bots
More informationHIPAA: Privacy/Info Security
HIPAA: Privacy/Info Security Jeff Jones HIPAA Privacy Officer HIPAA Information Security Officer KY Region What you should know Discussion Topics Protected Health Security Awareness Information(PHI) Disclosure
More informationAlphabet Soup - GLBA, FERPA and HIPAA: Security Best Practices
Alphabet Soup - GLBA, FERPA and HIPAA: Security Best Practices (Session ID: 152) Maureen Carver, Assistant Dean and Registrar, Law School, Villanova University Rita Garner, Registrar, Medical College of
More informationSCDA and SCDA Member Benefits Group
SCDA and SCDA Member Benefits Group HIPAA Privacy Policy 1. PURPOSE The purpose of this policy is to protect personal health information (PHI) and other personally identifiable information for all individuals
More informationDCC student and employee information must be safeguarded.
1 2 Raise Awareness EVERYONE at DCC must know their responsibilities. DCC student and employee information must be safeguarded. What kinds of risks exist? Risk of theft Risk of simple misplacement such
More informationHFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationInformation Security Manager Training
Information Security Manager Training Kent Swagler CCEP Director, Corporate Compliance Direct line (314) 923-3097 Cell (314) 575-8334 kswagler@metrostlouis.org Information Security Manager Training Overview
More informationInformation Systems Security Policy
Information Systems Security Policy University of South Alabama Computer Services Center University of South Alabama 5840 USA Drive South 251-460- 6161 5/19/2014 Outline 1 Introduction... 2 Data Retrieval
More informationSierra College ADMINISTRATIVE PROCEDURE No. AP 3721
Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721 Electronic Information Security and Data Backup Procedures Date Adopted: 4/13/2012 Date Revised: Date Reviewed: References: Health Insurance Portability
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationFACTS What does Mid Carolina CU do with your personal information?
FACTS What does Mid Carolina CU do with your personal information? Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not
More informationData Privacy and Gramm- Leach-Bliley Act Section 501(b)
Data Privacy and Gramm- Leach-Bliley Act Section 501(b) October 2007 2007 Enterprise Risk Management, Inc. Agenda Introduction and Fundamentals Gramm-Leach-Bliley Act, Section 501(b) GLBA Life Cycle Enforcement
More information*Signature: Trained by:
MEDITECH ACCESS REQUEST PHYSICIAN OFFICE STAFF This box is for IT use only. Lisa Linda Prov Dict Access Dictionaries PACS E-Sig agreement E-Sig PIN PD PIN 3-4 ID Emailed PK Emailed MUST sign: I have read
More informationHIPAA Privacy & Security Rules
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
More informationWellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More informationSecurity Awareness Training Policy
Security Awareness Training Policy I. PURPOSE This policy is intended to set the training standard for several key audiences in Salem State University, including, but not limited to: University executives,
More informationWho Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
More informationHIPAA initially went into effect April 14, 2003. HIPAA is a set of rules that is to be followed by doctors, hospitals and other health care providers.
HIPAA Health Insurance Portability and Accountability Act HIPAA initially went into effect April 14, 2003 HIPAA is a set of rules that is to be followed by doctors, hospitals and other health care providers.
More informationUNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY
PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment
More informationValdosta Technical College. Information Security Plan
Valdosta Technical College Information Security 4.4.2 VTC Information Security Description: The Gramm-Leach-Bliley Act requires financial institutions as defined by the Federal Trade Commision to protect
More informationCollege Operating Procedures (COP)
College Operating Procedures (COP) Procedure Title: Student Records Procedures Procedure Number: (FERPA) 03-1701 Originating Department: Provost/Vice President Academic Affairs Specific Authority: Family
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationITS Policy Library. 11.08 - Use of Email. Information Technologies & Services
ITS Policy Library Information Technologies & Services Responsible Executive: Chief Information Officer, WCMC Original Issued: December 15, 2010 Last Updated: September 18, 2015 POLICY STATEMENT... 3 REASON
More informationApplication for Bank of Pontiac NetTeller Services Internet Banking and Bill Pay
Application for Bank of Pontiac NetTeller Services Internet Banking and Bill Pay Please print, complete, and bring this form to any Bank of Pontiac location. You will receive your User ID and PIN via regular
More informationTest Yourself on FERPA
Test Yourself on FERPA The Family Educational Rights and Privacy Act of 1974 (also known as the Buckley Amendment) CCS Office of the Registrar 1 Review: basic student FERPA rights 1. Right to inspect and
More informationOracle E-Business Suite - Oracle Business Intelligence Enterprise Edition 11g Integration
Specialized. Recognized. Preferred. The right partner makes all the difference. Oracle E-Business Suite - Oracle Business Intelligence Enterprise Edition 11g Integration By: Arun Chaturvedi, Business Intelligence
More informationMEDICAL OFFICE COMPLIANCE TOOLKIT. The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA
MEDICAL OFFICE COMPLIANCE TOOLKIT The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA MEDICAL OFFICE COMPLIANCE TOOLKIT The Complete Medical Practice Compliance Resource HIPAA HITECH
More informationHIPAA Compliance for Students
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
More informationOklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention
Oklahoma State University Policy and Procedures Rules and Identity Theft Prevention 3-0540 ADMINISTRATION & FINANCE July 2009 Introduction 1.01 Oklahoma State University developed this Identity Theft Prevention
More informationTopic: Online Course Evaluation
Instructional Technology Services Faculty Help Topic: Online Course Evaluation Use the steps in this tutorial to learn how to set up a course evaluation using the Online Course Evaluation tool. Contents
More informationIvy Tech Community College of Indiana
Ivy Tech Community College of Indiana POLICY TITLE Family Educational Rights and Privacy Act (FERPA) POLICY NUMBER 3.6 (Former APPM 3.4) PRIMARY RESPONSIBILITY Student Affairs CREATION / REVISION / EFFECTIVE
More information<Insert Picture Here> Oracle WebCenter Spaces and Oracle BI Applications Configuration
Oracle WebCenter Spaces and Oracle BI Applications Configuration Christina Kolotouros Enterprise 2.0 Product Management May 4, 2011 Versions & Pre-requisites Oracle WebCenter Version
More informationAPPLICATION COMPLIANCE AUDIT & ENFORCEMENT
TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE
More informationR345, Information Technology Resource Security 1
R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,
More informationTHE UNIVERSITY OF THE WEST INDIES Electronic Mail & Messaging Services Policy 1. Introduction
THE UNIVERSITY OF THE WEST INDIES Electronic Mail & Messaging Services Policy 1. Introduction In accordance with its broader strategic objectives, The University of the West Indies (the UWI) promotes the
More informationYU General Guidelines for Use of Social Media
INTRODUCTION AND SCOPE General Guidelines for Use of Social Media Social media can be a valuable and powerful means of communication. Yeshiva University and its constituent schools (collectively, the University
More informationstacktools.io Services Device Account and Profile Information
Privacy Policy Introduction This Privacy Policy explains what information Super7ui LLC collect about you and why, what we do with that information, how we share it, and how we handle the content you place
More informationAdopt and implement privacy procedures, train employees on requirements, and designate a responsible party for adopting and following procedures
Whitesheet Navigate Your Way to Compliance The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is an American federal law that requires organizations that handle personal health information
More informationHIPAA Privacy Keys to Success Updated January 2010
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
More informationWheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009
Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009 Late last year, the Federal Trade Commission (FTC) and Federal banking agencies issued a regulation
More informationBANKOH BUSINESS CONNECTIONS WIRE TRANSFER GUIDE
BANKOH BUSINESS CONNECTIONS WIRE TRANSFER GUIDE Revision 2/2013 1 of 35 Contents GENERAL INFORMATION... 3 Wire Transfers... 3 Types of Wires... 3 Wire Templates... 3 Bankoh Business Connections Wire Cut-off
More information8.03 Health Insurance Portability and Accountability Act (HIPAA)
Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of
More informationPRIVACY AND SECURITY POLICY
assess, align, achieve PRIVACY AND SECURITY POLICY ath Power Consulting is a professional market research and consulting firm. We are committed to maintaining the privacy of our website users, clients,
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationIdentity Theft and Data Protection
Identity Theft and Data Protection As keepers of student, faculty, and staff information, we as an institution are obligated and regulated by state and federal laws to protect certain pieces of information.
More informationHuman Subject Research: HIPAA Privacy and Security. Human Research Academy 101
Human Subject Research: HIPAA Privacy and Security Human Research Academy 101 Your Enterprise Privacy Officer Christine Adams, CHC, CHPC Enterprise Privacy Officer Compliance & Enterprise Risk Management
More informationResearch and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman,
Research and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman, Department of Biomedical Informatics Vanderbilt University School
More informationOnline Agreement. Electronic Delivery of Documents
Online Agreement Electronic Delivery of Documents Requirement for Email Address: You agree to provide the Blue Mountain Credit Union (BMCU) with an email address for you to receive statement availability
More informationFEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA
APPENDIX PR 12-A FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA LEGAL CITATION California Civil Code Section 1798.82 California Health and Safety (H&S) Code Section 1280.15 42 U.S.C. Section
More informationIntroduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI
Office of Regulatory Compliance 13001 E. 17 th Place, Suite W1124 Mail Stop F497 Aurora, CO 80045 Main Office: 303-724-1010 Main Fax: 303-724-1019 HIPAA Policy 7.1 Title: Source: Prepared by: Approved
More informationHIPAA Compliance. 2013 Annual Mandatory Education
HIPAA Compliance 2013 Annual Mandatory Education What is HIPAA? Health Insurance Portability and Accountability Act Federal Law enacted in 1996 that mandates adoption of Privacy protections for health
More informationUMDNJ Information Security Plan 2007
UMDNJ Information Security Plan 2007 W. Thompson Page 1 6/4/2007 Table of Contents Table of Contents... 2 Introduction... 3 Contact... 4 Risk Assessment... 5 Plan Components... 6 Awareness... 7 Policy
More informationCloud Computing and the Regulatory Compliance Labyrinth
Cloud Computing and the Regulatory Compliance Labyrinth About ERM About The Speaker Nick Shuman Information Security Consultant Bachelor of Science in Computer Science and Psychology - University of Miami
More informationMetropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN 55337 Ph: (952) 564-3030 Fax: (651) 925-0031
The Health Insurance Portability and Accountability Act (HIPAA) and Client Privacy Statement This notice describes how your medical information may be used and disclosed and how you can get access to this
More informationInformation Security
Information Security Table of Contents Statement of Confidentiality and Responsibility... 2 Policy and Regulation... 2 Protect Our Information... 3 Protect Your Account... 4 To Change Your Password...
More informationPRIVACY POLICY (Update 1) FOR ONLINE GIVING FOR THE UNITED METHODIST CHURCH
A. Overview PRIVACY POLICY (Update 1) FOR ONLINE GIVING FOR THE UNITED METHODIST CHURCH GENERAL COUNCIL ON FINANCE AND ADMINISTRATION OF THE UNITED METHODIST CHURCH, INC., an Illinois corporation 1 Music
More informationProtecting Student Identity Principles of Good Practice University System of Georgia
Protecting Student Identity Principles of Good Practice University System of Georgia August 2002 Protecting Student Identity Principles of Good Practice University System of Georgia August 2002 Currently
More informationRowan University Data Governance Policy
Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data
More informationPrivacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy
Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy What is HIPAA? Health Insurance Portability and Accountability Act (HIPAA) is broad federal legislation that includes
More informationInformation Technology Security Policies
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationHIPAA (The Health Insurance Portability and Accountability Act)
Section 16. HIPAA Requirements and Information HIPAA (The Health Insurance Portability and Accountability Act) Molina Healthcare s Commitment to Patient Privacy Protecting the privacy of members personal
More informationELECTRONIC FUNDS TRANSFERS AGREEMENT YOUR RIGHTS AND RESPONSIBILITIES
ELECTRONIC FUNDS TRANSFERS AGREEMENT YOUR RIGHTS AND RESPONSIBILITIES Indicated below are types of Electronic Funds Transfers we are capable of handling, some of which may not apply to your account. Please
More informationDATA AND USER ACCESS POLICIES
Contents UNIVERSITY OF CHICAGO ALUMNI & DEVELOPMENT DATABASE (GRIFFIN) DATA AND USER ACCESS POLICIES Approved by the Griffin Steering Committee 2/1/07 What is Griffin? Griffin Policies & Procedures Your
More informationOctober is Cyber Security Month
October is Cyber Security Month Topics Passwords SPI (Sensitive Personal Information) Emails Access Control Portable devices (Mobile, Thumb, laptop, ipad, Tablet, etc) Social Media Check your password
More informationPage 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
More informationITS Policy Library. 11.08 - Use of Email. Information Technologies & Services
ITS Policy Library 11.08 - Use of Email Information Technologies & Services Responsible Executive: Chief Information Officer, WCMC Original Issued: December 15, 2010 Last Updated: February 3, 2015 POLICY
More informationSubscription Administrator Guide. For GS1 Canada Services
For GS1 Canada Services The information contained in this document is privileged and confidential and may otherwise be exempt from disclosure under applicable law. It is intended solely for the entity
More informationADMINISTRATIVE DATA MANAGEMENT AND ACCESS POLICY
ADMINISTRATIVE DATA MANAGEMENT AND ACCESS POLICY PURPOSE The value of data as an institutional resource is increased through its widespread and appropriate use; its value is diminished through misuse,
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationInformation Security Policy
Information Security Policy Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( BAA ) is by and between the National Association of Boards of Pharmacy
More information