Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Size: px
Start display at page:

Download "Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013"

Transcription

1 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch Management Rule is t ensure that infrmatin abut vulnerabilities and threats t the University f Utah s ( University ) PCI systems and resurces are btained and evaluated, and apprpriate measures taken t address the risks thrugh the applicatin f system patches Scpe The Patch Management Rule applies t all PCI systems and resurces cnnected t the University s netwrk. This includes netwrk devices, servers, perating systems, desktps, laptps, applicatins and prgrams Rule Statement The Infrmatin Security Office shall crdinate with IT supprt prfessinals t implement a patch management prgram t systematically manage vulnerabilities and threats t the University s infrmatin systems and resurces, and ensure all related patches are installed in a timely manner Patch Management fr PCI Systems Area Statement: The Infrmatin Security Office shall reprt t University leadership the security psture relative t University infrmatin systems and resurces having relevant and apprved security patches are installed, as they becme available based n system criticality and risk. Apprved patches may have t be determined n a system-by-system basis with applicatin vendrs, IT supprt prfessinals, and Infrmatin Security crdinatin Testing Patches All security-related patches, fixes and updates develped by in-huse develpers r prvided by vendrs, user assciatins and ther trusted third parties shall be tested by the University's IT Prfessinals/Administratrs prir t implementatin. [Ref: CS171, PCI] The IT Administratr shall perfrm, crdinate and supprt patching f systems. Specific respnsibilities shall include:

2 Mnitring vendr and gvernment vulnerability alerts, web sites, and mailing lists. Als cnsideratin shuld be given t subscribing t cmmercial vulnerability services that culd prvide the University with an early warning t ptential vulnerabilities and threats. Wrking with apprpriate system vendrs t respnd t system-specific security prblems and cncerns (i.e., perating system patches) Testing patches, fixes and wrkarunds, prir t distributin t IT prfessinals/administratrs Ntifying resurce administratrs f vulnerabilities as they are identified Prviding technical assistance t IT prfessinals/administratrs during the patch implementatin prcess Mnitring via autmated mechanisms, the patch implementatin prcess t ensure patches are being laded identifying, develping, purchasing and/r distributing security assessment tls Installatin f Patches Resurce administratrs are respnsible fr installing available patches n the infrmatin resurces under their cntrl in a timely fashin. Security patches relevant t the prtectin f Restricted r Sensitive infrmatin (i.e. cardhlder infrmatin) shall be installed within ne mnth f release. [Ref: CS493, PCI] [Rules] Resurce administratrs shuld use the fllwing prcess t ensure that patches d nt cmprmise the security f the infrmatin systems being patched: Obtain the patch frm a knwn, trusted surce Verify the integrity f the patch thrugh such means as cmparisns f cryptgraphic hashes t ensure the patch btained is the crrect, unaltered patch Apply the patch t an islated test system and verify that the patch Is cmpatible with ther sftware used n systems t which the patch will be applied Des nt alter the system's security psture in unexpected ways, such as altering lg settings Crrects the pertinent vulnerability Backup prductin systems prir t applying the patch Apply the patch t prductin systems using secure methds, and update the cryptgraphic checksums f key files as well as that system's sftware archive

3 Test the resulting system fr knwn vulnerabilities Update the master cnfiguratins used t build new systems Create and dcument an audit trail f all changes Seek additinal expertise as necessary t maintain a secure cmputing envirnment Install updates autmatically withut individual user interventin Emply autmated mechanisms t make security alert and advisry infrmatin available thrughut the rganizatin If a patch, fix r service pack cannt be applied because it damages ther applicatins n the system, the risk psed by the unpatched vulnerability shuld be dcumented and the Infrmatin Security Office and the Infrmatin Owner shuld be ntified. When infrmatin systems are knwn t have vulnerabilities and cannt be patched, cmpensating cntrls shall be implemented t mitigate the risk Testing Infrmatin Systems After perating systems changes (e.g., patches, upgrades, r new versins), applicatins and supprt prcesses shall be reviewed and tested including: applicatin cntrl and integrity prcedures; supprt and develpment plans fr perating system changes; prper ntificatin f changes t user cmmunity, and updates t any applicable business cntinuity plans and/r recvery prcesses. [Ref: CS844, PCI] Vulnerability Management Prcesses The Infrmatin Security Office shall ensure that vulnerability assessments are cnducted fr the University s infrmatin systems and resurces that include vulnerability scans that are cnducted at least mnthly. Vulnerability remediatin effrts, including patch implementatins, shall be crdinated and prcessed accrding t the University s change management prcess (refer t the Change Management Plicy). This includes meeting all testing and/r dcumentatin requirements. Technical vulnerabilities, including vendr supplied patches, shall be classified using the fllwing rating system. [Operatinal grups] shall remediate technical vulnerabilities r install patches using the fllwing [schedules]: [Ref: CS845, PCI] Immediate: This classificatin applies t threats that are actively impacting the envirnment. Patches classified as immediate will be implemented withut delay using emergency change cntrl prcedures. Critical: Critical patches are tp pririty fr implementatin because there are active knwn cde and/r prcess issues related t the sftware. Critical patches shuld be implemented within 36 hurs using emergency change cntrl prcedures. Imprtant: Imprtant Patches are t be implemented upn first available nrmal peratinal

4 pprtunities. These patches have n existing negative impacts n perating results. Imprtant patches will be implemented within seven (7) days using nrmal change cntrl prcedures. Operatinal: Operatinal patches are t be implemented upn the next peratinal patch prmtin schedule. This classificatin is fr enhancement patches that imprve peratins, but are nt required fr fixing inaccurate data r prcess results. Operatinal patches will nrmally be implemented within 30 days using nrmal change cntrl prcedures. The Infrmatin Security Office shall be respnsible fr maintaining the dcumentatin f the analysis prduced by the technical vulnerability management prcesses, and is als respnsible fr escalating r de-escalating vulnerability classificatins and cmmunicating changes, as apprpriate. The Infrmatin Security Office and UIT shall be respnsible fr develping prcesses fr asset management, classificatin and priritizatin f systems in supprt f the technical vulnerability management prcesses. This includes a detailed asset inventry with apprpriate dcumentatin t facilitate priritizatin and implementatin f vulnerability remediatin activities and the applicatin f patched. The Infrmatin Security Office shall ensure that baseline cnfiguratin is dcumented and maintained fr the University s infrmatin systems and resurces. The vulnerability and patch management prcesses shall be reviewed n an annual basis Cntacts A. Plicy Owner: Questins abut this rule shuld be directed t the CISO, B. Plicy Officer: Only the CIO, , has the authrity t grant exceptins t this rule References A. Plicy 4-002: Infrmatin Resurces Plicy B. Plicy 4-004: University f Utah Infrmatin Security Plicy C. Data Classificatin Mdel 01.7 Plicy Meta-Data A. Plicy Owner B. Audience C. Status D. Published Date E. Effective Date F. Next Review Date

5 01.8 Revisin Histry

Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (proposed)

Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (proposed) Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (prpsed) 01.1 Purpse The

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

Help Desk Level Competencies

Help Desk Level Competencies Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

IT CHANGE MANAGEMENT POLICY

IT CHANGE MANAGEMENT POLICY IT CHANGE MANAGEMENT POLICY Effective Date May 19, 2016 Crss-Reference 1. IT Operatins and Maintenance Plicy 2. IT Security Incident Management Plicy Respnsibility Apprver Review Schedule 1. Plicy Statement

More information

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

Service Level Agreement Distributed Hosting and Distributed Database Hosting

Service Level Agreement Distributed Hosting and Distributed Database Hosting Office f Infrmatin Technlgy Services Service Level Agreement Distributed Hsting and Distributed Database Hsting Nvember 12, 2013 Service Descriptin Distributed Hsting and Distributed Database Hsting Service

More information

Database Services - Extended

Database Services - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and Database Services t dcument: The technlgy services Database Services prvides t the custmer. The targets fr respnse times, service

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

ATTACHMENT U THIRD PARTY AUDITOR/CONSULTANT QUALIFICATION GUIDELINE

ATTACHMENT U THIRD PARTY AUDITOR/CONSULTANT QUALIFICATION GUIDELINE ATTACHMENT U THIRD PARTY AUDITOR/CONSULTANT QUALIFICATION GUIDELINE 1 INTRODUCTION Third party auditr/cnsultant plays an imprtant rle in decmmissining t ensure that all critical decmmissining activities

More information

Support Services. v1.19 / 2015-07-02

Support Services. v1.19 / 2015-07-02 Supprt Services v1.19 / 2015-07-02 Intrductin - Table f Cntents 1 Intrductin... 3 2 Definitins... 4 3 Supprt Prgram Feature Overview... 5 4 SLA fr the Supprt Services... 6 4.1 Standard Supprt... 6 4.2

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

IT Help Desk Service Level Expectations Revised: 01/09/2012

IT Help Desk Service Level Expectations Revised: 01/09/2012 IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+

More information

System Business Continuity Classification

System Business Continuity Classification Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required

More information

Nuance Healthcare Services Project Delivery Methodology

Nuance Healthcare Services Project Delivery Methodology NUANCE PROFESSIONAL SERVICES Nuance Healthcare Services 2008 Nuance Cmmunicatins, Inc. All rights reserved. Nuance Healthcare Services 1 INTRODUCTION This dcument describes the prject management methdlgy

More information

System Business Continuity Classification

System Business Continuity Classification System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality

More information

Change Management Process For [Project Name]

Change Management Process For [Project Name] Management Prcess Fr [Prject Name] i 1 Intrductin The is fllwed during the Executin phase f the Prject Management Life Cycle, nce the prject has been frmally defined and planned. 1.1 What is a Management

More information

Software and Hardware Change Management Policy for CDes Computer Labs

Software and Hardware Change Management Policy for CDes Computer Labs Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

Symantec User Authentication Service Level Agreement

Symantec User Authentication Service Level Agreement Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Cntinuity Management Plicy Versin: 1.0 Last Amendment: Apprved by: Library Cuncil f New Suth Wales Plicy wner/spnsr: Directr, Operatins and Chief Financial Officer Plicy Cntact Officer: Senir

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI

More information

The AppSec How-To: Choosing a SAST Tool

The AppSec How-To: Choosing a SAST Tool The AppSec Hw-T: Chsing a SAST Tl Surce Cde Analysis Made Easy GIVEN THE WIDE RANGE OF SOURCE CODE ANALYSIS TOOLS, SECURITY PROFESSIONALS, AUDITORS AND DEVELOPERS ALIKE ARE FACED WITH THE QUESTION: Hw

More information

Request for Proposal Technology Services

Request for Proposal Technology Services Avca Schl District 37 Wilmette, IL Request fr Prpsal Technlgy Services Netwrk and Systems Infrastructure Management Services December 5, 2013 Avca Schl District 37 is seeking an IT cnsulting firm t manage

More information

OITS Service Level Agreement

OITS Service Level Agreement OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer.

More information

S&T IT Change Management Policy and Procedure

S&T IT Change Management Policy and Procedure S&T IT Change Management Plicy and Prcedure 5/1/2016 Page 2 f 10 Executive Summary S&T IT Change Management All IT & Ed Tech staff are respnsible t fllw the Change Management Prcess when intrducing changes

More information

LINCOLNSHIRE POLICE Policy Document

LINCOLNSHIRE POLICE Policy Document LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area

More information

State Fleet Card Oversight Usage and Responsibilities

State Fleet Card Oversight Usage and Responsibilities State Fleet Card Oversight Usage and Respnsibilities Intrductin The Department f General Services (DGS), Office f Fleet and Asset Management (OFAM) administers a statewide ne-prvider payment system cntract

More information

Environmental, Health & Safety Management System (EHSMS) Training, Awareness and Competency Procedure Revision Number: 7

Environmental, Health & Safety Management System (EHSMS) Training, Awareness and Competency Procedure Revision Number: 7 Envirnmental, Health & Safety Management System (EHSMS) Dcument Number: 00122 Issue Date: 05/07/2014 Training, Awareness and Cmpetency Prcedure Revisin Number: 7 Prepared By: Stalcup, Bryce Apprved By:

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004E Payment Card Industry (PCI) Netwrk Security (prpsed) 01.1 Purpse The purpse f this Netwrk

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

Chapter 7 Business Continuity and Risk Management

Chapter 7 Business Continuity and Risk Management Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity

More information

Oracle Cloud Enterprise Hosting and Delivery Policies

Oracle Cloud Enterprise Hosting and Delivery Policies Oracle Clud Enterprise Hsting and Delivery Plicies Statement f Changes Versin 1.5, 6/01/2015 This dcument utlines changes made t the Oracle Clud Enterprise Hsting and Delivery Plicies dated December 1,

More information

State of Wisconsin Division of Enterprise Technology (DET) Distributed Database Hosting Service Offering Definition (SOD)

State of Wisconsin Division of Enterprise Technology (DET) Distributed Database Hosting Service Offering Definition (SOD) State f Wiscnsin Divisin f Enterprise Technlgy (DET) Distributed Database Hsting Service Offering Definitin (SOD) Distributed Database Hsting SOD Page 1 12/9/2010 Dcument Revisin Histry (Majr Pst Publishing

More information

Service Level Agreement

Service Level Agreement Template SDSU-TPL-11085 v1.3 18/1/11 IT Services Service Level Agreement Enterprise CRM (ECRM) Versin: 0.1 01/11/2010 Cntents 1 INTRODUCTION... 4 1.1 Scpe f the Agreement... 4 1.2 Duratin f the Agreement...

More information

Service Level Agreement

Service Level Agreement Template SDSU-TPL-11085 v1.3 18/1/11 IT Services Service Level Agreement Staff Email and SMTP Accunts (EMSF) Versin: 0.1 01/11/2010 Service Level Agreement: Staff Email and SMTP Accunts (EMSF) Cntents

More information

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012 Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.

More information

Electronic and Information Resources Accessibility Compliance Plan

Electronic and Information Resources Accessibility Compliance Plan Electrnic and Infrmatin Resurces Accessibility Cmpliance Plan Intrductin The University f Nrth Texas at Dallas (UNTD) is cmmitted t prviding a wrk envirnment that affrds equal access and pprtunity t therwise

More information

Managed Firewall Service Definition. SD007v1.1

Managed Firewall Service Definition. SD007v1.1 Managed Firewall Service Definitin SD007v1.1 Managed Firewall Service Definitin Service Backgrund It is imprtant t nte that the functin f any firewall service is t filter traffic cming int the netwrk (als

More information

Vulnerability Management:

Vulnerability Management: Vulnerability Management: Creating a Prcess fr Results Kyle Snavely Veris Grup, LLC Summary Organizatins increasingly rely n vulnerability scanning t identify risks and fllw up with remediatin f thse risks.

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

Electronic Data Interchange (EDI) Requirements

Electronic Data Interchange (EDI) Requirements Electrnic Data Interchange (EDI) Requirements 1.0 Overview 1.1 EDI Definitin 1.2 General Infrmatin 1.3 Third Party Prviders 1.4 EDI Purchase Order (850) 1.5 EDI PO Change Request (860) 1.6 Advance Shipment

More information

Woodstock Multimedia, INC. Software/Hardware Usage Policy

Woodstock Multimedia, INC. Software/Hardware Usage Policy Wdstck Multimedia, INC. Sftware/Hardware Usage Plicy POLICY PURPOSE The purpse f the Wdstck Multimedia, INC. Sftware / Hardware Usage Plicy is t ensure that Wdstck Multimedia, INC. emplyees are prperly

More information

ITIL Release Control & Validation (RCV) Certification Program - 5 Days

ITIL Release Control & Validation (RCV) Certification Program - 5 Days ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management

More information

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins

More information

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible

More information

1.2 Supporting References For information relating to the Company Hardware Request project, see the SharePoint web site.

1.2 Supporting References For information relating to the Company Hardware Request project, see the SharePoint web site. Hardware Request System Visin 1 Intrductin 1.1 Dcument Purpse and Scpe This dcument utlines the visin fr the Hardware Request system. The purpses f this dcument are t: Identify and agree n the prblems

More information

Symantec Managed Backup Services

Symantec Managed Backup Services Service Overview This, with any attachments included by reference, is part f any agreement which incrprates this Service Descriptin by reference (cllectively, the Agreement ), fr thse Services which are

More information

Symantec Managed Data Loss Prevention

Symantec Managed Data Loss Prevention Symantec Managed Data Lss Preventin Service Descriptin Service Overview This Service Descriptin, with any attachments included by reference, is part f any agreement which incrprates this Service Descriptin

More information

Frequently Asked Questions: CMMI Data Collection

Frequently Asked Questions: CMMI Data Collection Frequently Asked Questins: CMMI Data Cllectin 1. What are the minimum requirements fr a care manager s cmputer? 2. What data are cllected frm the practices as part f the CMMI grant? 3. What is the PAM?

More information

OVERTIME STATUS OF MORTGAGE LOAN OFFICERS UNDER FLSA (Prepared in collaboration with Employment Law Compliance)

OVERTIME STATUS OF MORTGAGE LOAN OFFICERS UNDER FLSA (Prepared in collaboration with Employment Law Compliance) OVERTIME STATUS OF MORTGAGE LOAN OFFICERS UNDER FLSA (Prepared in cllabratin with Emplyment Law Cmpliance) Cntents: General Cmments Differing Treatment fr Emplyees with the Same Title Applicatin f Interpretatin

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

Customer Service Description

Customer Service Description Page: 1 f 10 Hewlett-Packard Cmpany HP Services Slutin Center Custm Prjects Prgram http://www.hp.cm/hps/ perfrmance & availability sftware services per event supprt & cnsulting Custmer Service Descriptin

More information

OR 2) Implement and customize an off the shelf product that would suit the requirements

OR 2) Implement and customize an off the shelf product that would suit the requirements CRM Custmer Relatinship Management Request fr Prpsal (RFP) Created by : Gayathri Jaganathan Rle : Prject Manager Prpsal Date: 10/02/06 Organizatin: AIM Alliance Inspectin Management Cmpany Lcatin : 28235

More information

Monthly All IFS files, all Libraries, security and configuration data

Monthly All IFS files, all Libraries, security and configuration data Server Backup Plicy Intrductin Data is ne f Banks DIH Limited s mst imprtant assets. In rder t prtect this asset frm lss r destructin, it is imperative that it be safely and securely captured, cpied, and

More information

ITIL Service Offerings & Agreement (SOA) Certification Program - 5 Days

ITIL Service Offerings & Agreement (SOA) Certification Program - 5 Days ITIL Service Offerings & Agreement (SOA) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management

More information

CSC IT practix Recommendations

CSC IT practix Recommendations CSC IT practix Recmmendatins CSC Healthcare 28th January 2014 Versin 3 www.csc.cm/glbalhealthcare Cntents 1 Imprtant infrmatin 3 2 IT Specificatins 4 2.1 Wrkstatins... 4 2.2 Minimum Server with 1-5 wrkstatins

More information

State of Wisconsin. File Server Service Service Offering Definition

State of Wisconsin. File Server Service Service Offering Definition State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent

More information

Connect Applications Service Annex to General Services Schedule Connect Acceleration

Connect Applications Service Annex to General Services Schedule Connect Acceleration 1 Definitins The fllwing definitins apply, in additin t thse in the General Terms and Cnditins and the General Service Schedule. Applicatin means a cmputer prgram r prgrams supprting a business task fr

More information

PADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700

PADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700 PADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700 Plicy Title Versin Number Date Issued Critical Incident Management Plicy 2.0 Nvember 2007 Reviewed April 2010 June 2015 Definitin Critical incidents

More information

S TAT E M E N T O F WO R K

S TAT E M E N T O F WO R K H A W A I I I N F O R M A T I O N C O N S O R T I U M S TAT E M E N T O F WO R K HAWAII WEBSITE HOSTING AND DESIGN SERVICES OVERVIEW This Statement f Wrk (SOW) dcument identifies the respnsibilities

More information

UNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE

UNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE 1. TITLE OF COMMITTEE UNIVERSITY INCIDENT PLANNING COMMITTEE University Incident Planning Cmmittee (IPC) 2. ESTABLISHMENT TERMS OF REFERENCE The University Incident Planning Cmmittee is established in

More information

HP Point of Sale FAQ Warranty, Care Pack Service & Support. Limited warranty... 2 HP Care Pack Services... 3 Support... 3

HP Point of Sale FAQ Warranty, Care Pack Service & Support. Limited warranty... 2 HP Care Pack Services... 3 Support... 3 HP Pint f Sale FAQ Warranty, Care Pack Service & Supprt Limited warranty... 2 HP Care Pack Services... 3 Supprt... 3 Limited warranty Q: What des a 3/3/3 limited warranty mean? A: HP Retail Pint f Sale

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

BLACKBOARD LEARN MANAGED HOSTING TERMS, SPECIFICATIONS & SERVICE LEVELS

BLACKBOARD LEARN MANAGED HOSTING TERMS, SPECIFICATIONS & SERVICE LEVELS TERMS APPLICABLE TO BLACKBOARD MANAGED HOSTING SERVICE Belw are certain terms and cnditins applicable t the managed hsting Services. Definitins used but nt defined herein shall have the meanings ascribed

More information

2008 BA Insurance Systems Pty Ltd

2008 BA Insurance Systems Pty Ltd 2008 BA Insurance Systems Pty Ltd BAIS have been delivering insurance systems since 1993. Over the last 15 years, technlgy has mved at breakneck speed. BAIS has flurished in this here tday, gne tmrrw sftware

More information

Sources of Federal Government and Employee Information

Sources of Federal Government and Employee Information Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities

More information

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager JOB SPECIFICATION FUNCTION JOB TITLE REPORTING TO GRADE WORK PATTERN LOCATION IT & Digital Netwrk Services Analyst Netwrk Services Team Manager Band D Full-time Birmingham TRAVEL REQUIRED Occasinally ROLE

More information

CHANGE MANAGEMENT STANDARD

CHANGE MANAGEMENT STANDARD The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the

More information

MANAGED VULNERABILITY SCANNING

MANAGED VULNERABILITY SCANNING Abut SensePst SensePst is an independent and bjective rganisatin specialising in infrmatin security cnsulting, training, security assessment services and IT Vulnerability Management. SensePst is abut security.

More information

Cloud Services Frequently Asked Questions FAQ

Cloud Services Frequently Asked Questions FAQ Clud Services Frequently Asked Questins FAQ Revisin 1.0 6/05/2015 List f Questins Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? What experience des Caradigm have hsting prducts like

More information

Unified Communications

Unified Communications Office f Infrmatin Technlgy Services Service Level Agreement Unified Cmmunicatins Nvember 7, 2013 v2.2 Service Descriptin Unified Cmmunicatins Service Descriptin ITS Unified Cmmunicatins ffers a number

More information

IT Account and Access Procedure

IT Account and Access Procedure IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1

More information

2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No.

2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No. HIPAA Technical Risk Security Assessment 1. Will yu be issuing additinal directins fr the frmatting f the final prpsal due Nvember 21 st? There is nt specific frmatting requirements, just submit the prpsal

More information

ACQUIRED RARE DISEASE DRUG THERAPY EXCEPTION PROCESS

ACQUIRED RARE DISEASE DRUG THERAPY EXCEPTION PROCESS ADMINISTRATIVE POLICY ACQUIRED RARE DISEASE DRUG THERAPY EXCEPTION PROCESS Plicy Number: ADMINISTRATIVE 19.8 T Effective Date: Octber 1, 014 Table f Cntents CONDITIONS OF COVERAGE... BENEFIT CONSIDERATIONS...

More information

FY-2006 Networking and Security Engineering and Operations NASA Task TM: Richard Kurak

FY-2006 Networking and Security Engineering and Operations NASA Task TM: Richard Kurak FY-2006 Task A-03: Netwrking and Security Engineering and Operatins NASA Task TM: Richard Kurak Task Summary: The Office f Chief Infrmatin Office (OCIO) is respnsible fr prviding ttal cmmunicatins capabilities

More information

Data Warehouse Scope Recommendations

Data Warehouse Scope Recommendations Rensselaer Data Warehuse Prject http://www.rpi.edu/datawarehuse Financial Analysis Scpe and Data Audits This dcument describes the scpe f the Financial Analysis data mart scheduled fr delivery in July

More information

HP ValuPack Consulting Description OpenVMS Engineering Change Order (ECO) Patch List

HP ValuPack Consulting Description OpenVMS Engineering Change Order (ECO) Patch List HP ValuPack Cnsulting Descriptin OpenVMS Engineering Change Order (ECO) Patch List HP ValuPacks are standardized cnsulting services, prvided by HP Slutin Center Service Prfessinals, with pre-defined custm

More information

Configuring, Monitoring and Deploying a Private Cloud with System Center 2012 Boot Camp

Configuring, Monitoring and Deploying a Private Cloud with System Center 2012 Boot Camp Cnfiguring, Mnitring and Deplying a Private Clud with System Center 2012 Bt Camp Length: 5 Days Technlgy: Micrsft System Center 2012 Delivery Methd: Instructr-led Hands-n Audience Prfile This curse is

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

.100 POLICY STATEMENT

.100 POLICY STATEMENT Treasury Management Operatins Sectin: Treasury Management Number: 105.100 Title: Treasury Management Operatins POLICY Index.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE

More information

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

Accessible Service Policy

Accessible Service Policy Accessible Service Plicy Date Created Revisin Oct. 16, 2012 1 Gal This plicy is intended t meet the requirements f the Accessibility Standards fr Custmer Service, Ontari Regulatin 429/07 under the Accessibility

More information

SBClient and Microsoft Windows Terminal Server (Including Citrix Server)

SBClient and Microsoft Windows Terminal Server (Including Citrix Server) SBClient and Micrsft Windws Terminal Server (Including Citrix Server) Cntents 1. Intrductin 2. SBClient Cmpatibility Infrmatin 3. SBClient Terminal Server Installatin Instructins 4. Reslving Perfrmance

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

State of Wisconsin DET Dedicated Virtual Host Services Offering Definition

State of Wisconsin DET Dedicated Virtual Host Services Offering Definition State f Wiscnsin DET Dedicated Virtual Hst Services Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 10/29/2010 1.0 Phil Staley Initial draft 11/3/2010 1.1 Phil Staley Ryan McKee Secnd

More information

P CARD College of Health and Rehabilitation Sciences: Sargent Internal Policy

P CARD College of Health and Rehabilitation Sciences: Sargent Internal Policy P CARD Cllege f Health and Rehabilitatin Sciences: Sargent Internal Plicy All purchasing card hlders must read the Purchasing Card Prgram Manual (P Card Manual) and cnfirm upn ding s via email t the SAM

More information