Central Piedmont Community College
|
|
- Winfred Ball
- 8 years ago
- Views:
Transcription
1 Central Piedmont Community College Request for Information (RFI) Mechatronics Re-Envisioned: A Department of Labor TAACCCT Grant Supporting the Digitization of Advanced Manufacturing Curriculum 1 P age
2 TABLE OF CONTENTS 1. Summary and Background Purpose of the RFI Submission Guidelines Request for Information Timeline and Review Request for Information Submission/Contact Information Appendix A/Course Descriptions Appendix B/CPCC Hosted Solution Requirements P age
3 1. Summary and Background The Mechatronics Re-Envisioned project will provide a vital educational resource that contributes to the growth and globalization of the Southeast s energy sector and the advanced manufacturing industry partners that form the region s energy cluster. Initiated at Central Piedmont Community College located in Charlotte, North Carolina, Mechatronics Re-Envisioned will engage key workforce and economic development leaders, regional employers, secondary, two year and four year education partners, and national industry partners to address key issues and explore pedagogical approaches within the field of Mechatronics identified as an emerging and growing field by the US Department of Labor. Mechatronics Re-Envisioned will meet the rising workforce requirements in the Charlotte Region s Energy sector and slow the growth of skill mismatches that are hampering the State s efforts to globalize and progress economically. Energy and Advanced Manufacturing have been identified as target industries for jobs attraction and retention (based on wage rate and projected growth analytics) and Mechatronics Re-Envisioned supports efforts to catalyze and enhance training targeted to these industries. Mechatronics Re-Envisioned also aligns with the North Carolina Jobs Plan (December 2013) goal of Developing and retaining a globally competitive workforce with the knowledge and skills for high quality, sustainable North Carolina jobs. CPCC championed the development and State Board approval of the original Mechatronics AAS degree and assisted the US DOL in the development of the Mechatronics career cluster competency model. Building on this work, the college will lead a gap analysis of the current curriculum, facilitate consensus on updating course content, establish lab standards, and modernize the delivery method. CPCC will also work with four year institutions across the State to establish articulation agreements and ensure credits earned at the community college transfer to four year degree programs. Employer partners will also play a critical role in the creation of Mechatronics career pathways that will lead to employment in a variety of positions in the growing energy industry sector. 2. Purpose of the RFI The purpose of this RFI is to contract with a qualified digital publishing firm to work with our subject matter experts at Central Piedmont Community College to modularize and digitize course materials included in ten curriculum courses in our Mechatronics Engineering Technology program and one accelerated Industrial Maintenance Fast Track course. Digitized courses should include engaging curriculum, simulations, high-quality video, assessments, and other electronic tools that ensure students meet the course competencies. The curriculum courses to be modularized and digitized are as follows: ATR 112 Introduction to Automation ELC 130 Advanced Motor and Controls ELC 131 Circuit Analysis I ELN 133 Digital Electronics ELN 260 Programmable Logic Controllers ISC 112 Industrial Safety MEC 130 Mechanisms MEC 180 Engineering Materials MEC 265 Fluid Mechanics PHY 131 Physics-Mechanics Industrial Maintenance Fast Track The majority of the courses above will be digitized within the 2015/2016 academic year with minor revisions being made in the following year. See Appendix A for course descriptions. 3 P age
4 All courses digitized must meet the approved Central Piedmont Community College Technology Standard. See Appendix B for approved CPCC Technology Standard. 3. Submission Guidelines CPCC wishes to evaluate all responses equally. To ensure consideration for this Request for Information, your submission should include all of the following: Cover Letter Company Profile Describe your interest in this project and the unique advantage your firm and team brings. List a maximum of five (5) relevant, similar projects, either currently in progress or having been completed in the past five (5) years, containing work comparable to this specific project, including any projects with CPCC. Discuss the firm s understanding of the Mechatronics Re-Envisioned project and describe the proposed project approach to deliver the services in an effective, timely, economical and professional manner. Provide an organization chart and curriculum vitae of all key team members who will be directly involved in providing services, including any subcontractors, to be assigned specifically to this project. Identify the Project Manager who will be empowered to make decisions for and act on behalf of the firm. Outline the project plans, structure and services to be provided and how and when these services shall be provided. Describe any support needed from CPCC staff in order to execute the Services. Describe the course delivery process including authentication, accessibility, and user experience. If the delivery process includes a hosted solution please ensure that the requirements in appendix B are followed. 4. Request for Information Timeline and Review All responses to this RFI are due no later than 5pm EST July 1, Evaluation of responses will be conducted from July 2, 2015 thru July 14, Interviews/Presentations will be held with firms on July 13 and 14 based on the recommendation of the selection committee. All parties will be notified of the committee selection within 30 days after the contract award. 5. Request for Information Submission/Contact Information Respondents should submit their entry to the address below by July 1, 2015 at 5pm EST. Submissions may also be sent via to mike.hogan@cpcc.edu. Central Piedmont Community College P.O. Box Charlotte, NC Attention: Mike Hogan, Associate Dean, STEM 4 P age
5 Appendix A Course Descriptions ATR 112 Introduction to Automation This course introduces the basic principles of automated systems and describes the tasks that technicians perform on the job. Topics include the history, development, and current applications of robots and automated systems including their configuration, operation, components, and controls. Upon completion, students should be able to understand the basic concepts of automation and robotic systems. ELC 130 Advanced Motor and Controls This course covers motors concepts, construction and characteristics and provides a foundation in motor controls. Topics include motor control ladder logic, starters, timers, overload protection, braking, reduced voltage starting, SCR control, AC/DC drives, system and component level troubleshooting. Upon completion, students should be able to specify, connect, control, troubleshoot, and maintain motors and motor control systems. ELC 131 Circuit Analysis I This course introduces DC and AC electricity with an emphasis on circuit analysis, measurements, and operation of test equipment. Topics include DC and AC principles, circuit analysis laws and theorems, components, test equipment operation, circuit simulation, and other related topics. Upon completion, students should be able to interpret circuit schematics; design, construct, verify, and analyze DC/AC circuits; and properly use test equipment. ELN 133 Digital Electronics This course covers combinational and sequential logic circuits. Topics include number systems, Boolean algebra, logic families, medium scale integration (MSI) and large scale integration (LSI) circuits, analog to digital (AD) and digital to analog (DA) conversion, and other related topics. Upon completion, students should be able to construct, analyze, verify, and troubleshoot digital circuits using appropriate techniques and test equipment. ELN 260 Programmable Logic Controllers This course provides a detailed study of PLC applications, with a focus on design of industrial controls using the PLC. Topics include PLC components, memory organization, math instructions, documentation, input/output devices, and applying PLCs in industrial control systems. Upon completion, students should be able to select and program a PLC system to perform a wide variety of industrial control functions. ISC 112 Industrial Safety This course introduces the principles of industrial safety. Emphasis is placed on industrial safety and OSHA regulations. Upon completion, students should be able to demonstrate knowledge of a safe working environment and OSHA compliance. MEC 130 Mechanisms This course introduces the purpose and action of various mechanical devices. Topics include cams, cables, gear trains, differentials, screws, belts, pulleys, shafts, levers, lubricants, and other devices. Upon completion, students should be able to analyze, maintain, and troubleshoot the components of mechanical systems. MEC 180 Engineering Materials This course introduces the physical and mechanical properties of materials. Topics include materials testing, pre- and post-manufacturing processes, and material selection of ferrous and non-ferrous metals, plastics, composites, and non-conventional materials. Upon completion, students should be able to utilize basic material property tests and select appropriate materials for applications. 5 P age
6 MEC 265 Fluid Mechanics This course covers the physical behavior of fluids and fluid systems. Topics include fluid statics and dynamics, laminar and turbulent flow, Bernoulli's Equation, components, applications, and other related topics. Upon completion, students should be able to apply fluid power principles to practical applications. PHY 131 Physics-Mechanics This Algebra/Trigonometry-Based course introduces fundamental physical concepts as applied to engineering technology fields. Topics include systems of units, problem-solving methods, graphical analysis, vectors, motion, forces, Newton's laws of motion, work, energy, power, momentum, and properties of matter. Upon completion, students should be able to apply the principles studied to applications in engineering technology fields. Credit by exam for PHS 151 can be obtained by request upon completion. 6 P age
7 Appendix B Introduction Hosted Solution Requirements Central Piedmont Community College Hosted Solution refers to the software service model whereas an application is hosted by a service provider to customers across the Internet. By eliminating the need to install and run the application on the customer's own servers and network, hosted solutions alleviates the customer's burden of software maintenance, ongoing operation, and support. While the technical needs for servicing the application is no longer needed, the burden of meeting CPCC s technology standards, security standards, service standards, and regulatory policies must be held. This document provides the basis of these requirements. General Services Authentication Environment CPCC has a strict policy requiring Hosted Solution vendors to provide authentication through CPCC s authentication solution. Service providers must be able to interface with CAS (Central Authentication Service) version 3.3 utilized at CPCC. CAS is an open source, token-based authentication system, that is a JA-SIG project. CAS provides a single-sign on authentication system. Additional information may be obtained through Providers are expected to support the currently supported versions of the CAS protocol, as identified on the JA-SIG web site, or the current supported version of the SAML protocol. In the event that a provider is not able to interface with CAS, a letter of exception must be approved by CPCC ITS. Service Authorization Services provided by the Hosted Solution must provide authorization capabilities internally within the application. These services must be documented and provided to ITS along with all information stored by the Hosted Solution provider related to individuals, groups, and authorization schemas. Reporting Services In the event that regular data extraction is not available for the use of developing reports with CPCC reporting solutions, then a description of available reporting services must be provided. Details with regards to documentation and training should be included. Customization Capabilities Services provided by the Hosted Solution provider may not meet all the requirements of CPCC. Therefore, customizations may be required to meet these requirements. However, customizations may 7 P age
8 be provided in various ways and with limitations. Customizations should be categorized as the following and the requirements must be met Configuration: pre-determined options available to CPCC with the ability to easily modify. Typically, provided through either a configuration file or settings in a database table. Requirement: It must be clear as to when changing a configuration after the services has been started can potentially lead to a problem with service or with the history of the data. Fixed Customizations: pre-determined and limited features CPCC can customize either by modifying an existing file, new file, or through an application programming interface (API). Requirements: Documentation detailing the ability to customize the file or about the API. Information regarding how future upgrades may impact these customizations. Open Customizations: source code is either partially or fully available for CPCC to customize the code as needed. Requirements Documentation regarding the code available for customization. Documentation regarding coding methodology, if one exists. Information regarding how future upgrades may impact these customizations and equivalent documentation if code-merge is required. Change-Request Customizations: customizations that has been reviewed and approved between CPCC and the Hosted Solution provider that will be conducted and maintained by the provider. Requirements Documentation regarding the process to request customizations. Cost estimate for requested customizations. Information regarding how future upgrades may impact these customizations. Customizations may be a great benefit to CPCC in meeting most, if not all, the specific needs. However, it must be weighed against the cost of maintenance, especially if it leads to potential downtime of services. End User Training Training provided to the College should be reviewed in a partnership with ITS to ensure compliance with the College s Information Technology Standards. Service Level Agreements SLAs Agreements regarding software and/or applications should be review in conjunction with ITS to ensure compliance with the College s Information Technology Standards. Data Storage All data stored by the Hosted Solution provider must be secured in a manner which prevents unauthorized access from internal and external parties. If possible, data should be encrypted. 8 P age
9 Data Storage Location The Hosted Solution provider must locate all stored data in the United States of America unless given express permission by CPCC. Backups The Hosted Solution provider must provide proof of their Business Continuity / Disaster Recovery plan including details on backups and retention periods. Backups that are stored offsite must be encrypted. Migration Strategies Migration strategies are required in preparation of any event requiring the transition of the data to a different Hosted Solution provider or internally to CPCC for continued service. If no such strategy is available, then procedures and documentation, including ER diagrams or equivalent diagrams, for a complete extraction of data is required. Data Retention / Release In the event of termination of contract, all data will be returned to CPCC ITS in a suitable standard format and wiped from the Hosted Solution provider s systems. This may also include the removal of backup data from tapes if the retention period is too long for aging to occur naturally. The Hosted Solution provider must adhere to any and all data retention / removal policies stipulated by the College. System Requirements Browser Requirements Any online services provided are required to be compatible with college supported browsers. Any online service should also pass the w3.org validator test ( and be compatible with federally regulated accessibility standards (Section 508, Client Requirements As a rule any service provided online should not require the use of a client installed component (e.g. activex, java). If a client is required for the service the provider must agree in writing to maintain client compatibility and must provide in writing any data that will be transmitted using the client component. Any client software must be compatible with Windows XP (service pack 2 and above), Windows Vista (all versions), and Windows 7 (all versions). It is highly recommended that client components also be compatible with the Mac OSX platform. Hosted Solution providers must agree to periodic audits of transmitted information by both CPCC ITS and state auditors as requested. 9 P age
10 Data Transfer All data transfers will be encrypted using 128bit (or higher) SSL for HTTP traffic and SSH version 2 for any batch or real time non-http transfers. Furthermore, SSL certificates must be signed by a trusted third party; no self-signed certificates will be considered. Inbound or outbound batch transfers must occur between endpoints that have a firewall policy that allows only the two endpoints to exchange data. DNS / Domain Registration Where possible, all Hosted Solution provided services will use the following format: services.cpcc.edu/hostedprovidername The service name will be negotiated between CPCC ITS, the provider, and the CPCC requesting entity. The Hosted Solution will provide CPCC with the IP(s) to resolve the address and they will configure this information on CPCC s DNS servers. Any changes must be communicated to CPCC ITS in a timely manner to prevent service interruptions. If a new domain is registered, it will be procured and administered by CPCC ITS. Requirements CPCC will, as a rule, not allow the Hosted Solution provider to spoof its domains in the envelope sender. Other headers (From, Reply-To, etc.) must be used instead. In certain circumstances, spoofing will be allowed but only if mail from the provider is directed to CPCC staff or faculty and never to non-cpcc entities or CPCC students. In such cases, a small number of MTA IP addresses will be provided to CPCC ITS for use in white-listing. If changes are made afterwards, they must be communicated to CPCC ITS in a timely manner to prevent service interruptions. In circumstances where is directed to students, the provider must verify that they meet Google s Acceptable Use Policies. Workstation Environment Desktop applications should operate using current versions of Microsoft Windows and/or Apple Operating Systems. Data Integration Integration Requirements Hosted Solutions providing services that either require real-time data from the ERP system or update data into the ERP system must have an interface that have been developed with Colleague Studio or any other tools approved by Ellucian. Any other interfaces, including the use of an integration broker, must have details disclosed to insure proper operations without compromising services, security, and 10 P age
11 corruption of data. These interfaces should be available for CPCC to review and properly maintain. In the event that an integration broker is hosted by a third-party company, then all requirements apply to this company as well. Enterprise Application Environment The primary enterprise level application deployed and supported at Central Piedmont Community College (CPCC) is the Educational Enterprise Resource Planning (ERP) system which includes the Student Information Systems, Human Resource Management, and Financial Resource Management. The current ERP system is Colleague, a product and service selected by the North Carolina Community College System (NCCCS). Colleague is currently deployed using a propriety language known as Envision which uses IBM s Universe package as the foundation. In addition to using Unibasic as part of the Universe package, Unidata is used as the primary database for Colleague. While Colleague is the implemented ERP system, the Unidata database is the single source of data for the majority of information. In addition, to support other related systems, such as a Learning Management System (LMS), CPCC developed an Operational Data Store (ODS) using Microsoft SQL Server where data is stored through a locally developed ETL (Extract, transform, and load) tool. In addition, CPCC deployed several REST based API s to allow for data extraction from the ODS and other internal services. Policies/Regulations Data Ownership Unless there is a written agreement between CPCC and the provider with regards to data ownership, all data is exclusively owned by CPCC and a written agreement is required if the Hosted Solution provider will use the data other than the primary purposes of providing all agreed services. All data must be handled and secured according to the Security and Data Protection section. Security and Data Protection The following set of statements will be a component of any contract or other instrument that results from evaluation of responses to RFPs: Vendor shall treat all data that it receives from Central Piedmont Community College (CPCC), or is otherwise exposed to within CPCC data systems, with the highest degree of confidentiality and in compliance with all applicable federal and state laws and regulations and University policies. Vendor shall employ commercial best practices for ensuring the security of all CPCC electronic and paper data accessed, used, maintained, or disposed of in the course of Vendor's performance under this Agreement. Vendor shall only use such data for the purpose of fulfilling its duties under this Agreement and shall not further disclose such data to any third party without the prior written consent of CPCC or as otherwise required by law. 11 P age
12 Without limiting the foregoing, in the course of performing its duties under this Agreement Vendor MA Y receive, or be exposed to, the following types of data: student education records; financial information as that term is defined in the Financial Modernization Act of 1999; protected health information as that term is defined in the Health Insurance Portability and Accountability Act; and various items of personal identifying information including but not limited to Social Security Numbers, credit card numbers, financial account numbers and corresponding security or access codes and passwords, driver s license numbers, and Indiana state identification card numbers. Vendor shall employ sufficient administrative, physical, and technical data security measures to meet the requirements under the specific federal and state laws applicable to those data, including but not limited to: Student Education Records: The Family Education Rights and Privacy Act (FERPA), 20 USC 1232g et seq., and related regulations at 34 CFR Part 99; Financial Information including credit card and financial account numbers: The Financial Modernization Act of 1999, 15 USC 1681 et seq.; the Safeguards Rule at 16 CFR Part 314; and Indiana Code and Protected Health Information: The Health Insurance Portability and Accountability Act ("HIPAA'), 42 USC 1320d-2 (note); implementing privacy and security regulations at 45 CFR Parts 160 and 164, and related agency guidance; and the terms of any Business Associate Agreement or LOS agreement between CPCC and Vendor; Immediately upon becoming aware of a breach of the Vendor's security that reasonably may have resulted in unauthorized access to CPCC data, Vendor shall notify CPCC and shall cooperate fully with CPCC's investigation of and response to the incident. Except as otherwise required by law, Vendor shall not provide notice of the incident directly to the persons whose data were involved, without prior written permission from CPCC. Vendor acknowledges and agrees that CPCC is subject to North Carolina's Open Records law, and that disclosure of some or all of confidential information provided pursuant to this Agreement, or the Agreement itself, may be compelled pursuant to that law. CPCC agrees that, upon receipt of a request for confidential information made pursuant to the North Carolina Open Records law, it shall a) promptly notify Vendor of the fact and content of the request, b) consult with Vendor regarding any legitimate basis on which it might resist or narrow its response to the request, and c) disclose only information that CPCC, in the opinion of its legal counsel, is legally compelled to disclose." Further, CPCC has a robust and active technology security Office and program. The information at gives a further over overview of the laws mentioned above, and also outlines those security implementations considered by CPCC to be "best practices" for protection of sensitive institutional and personal data. Regulatory Compliance Along with the specified requirements for privacy and security of information as described in the Security and Data Protection section, CPCC will minimally request a copy of the Statement on Auditing Standards No. 70 (SAS 70) report. Cyber Insurance Cyber insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. The Department of Commerce has 12 P age
13 described it as an effective, market-driven way of increasing cyber-security because it may help reduce the number of successful cyber attacks by promoting the adoption of preventative measures; encouraging the implementation of best practices by basing premiums on an insured s level of self-protection; and limiting the level of losses that companies face following an attack. Hosted Solutions should carry cyber insurance to not only cover liability, but to promote confidence with security through preventive measures. Other Requirements ITS Implementation Scheduling Following standards may help with reducing implementation timelines, but still require implementation efforts. The overall timeline will depend on the complexity and integration needs. Therefore, a standard boilerplate project plan with fixed timelines cannot be used in isolation. ITS must be involved in reviewing integration process and with the project plan schedule. 13 P age
Software as a Service (SaaS) Requirements
Introduction Software as a Service (SaaS) Requirements Software as a Service (SaaS) is a software service model where an application is hosted as a service provided to customers across the Internet. By
More informationThis document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.
SERVICEPOINT SECURING CLIENT DATA This document and the information contained herein are the property of and should be considered business sensitive. Copyright 2006 333 Texas Street Suite 300 Shreveport,
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationSystem Security Plan University of Texas Health Science Center School of Public Health
System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationMCSE SYLLABUS. Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003:
MCSE SYLLABUS Course Contents : Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003: Managing Users, Computers and Groups. Configure access to shared folders. Managing and Maintaining
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationAn Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance
An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationCourse work includes mathematics, natural sciences, engineering sciences and technology.
Curriculum Standard for Engineering and Technology: Applied, Automation, Mechatronics Engineering Technology Career Cluster: Science, Technology, Engineering, Mathematics** Cluster Description: Planning,
More informationThe data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.
Privacy and Security FAQ Privacy 1. Who owns the data that organizations put into Google Apps? 2. When can Google employees access my account? 3. Who can gain access to my Google Apps administrative account?
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationenicq 5 System Administrator s Guide
Vermont Oxford Network enicq 5 Documentation enicq 5 System Administrator s Guide Release 2.0 Published November 2014 2014 Vermont Oxford Network. All Rights Reserved. enicq 5 System Administrator s Guide
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationICE SDR SERVICE DISCLOSURE DOCUMENT
ICE SDR SERVICE DISCLOSURE DOCUMENT ICE Trade Vault, LLC ( ICE Trade Vault ) offers a swap data repository service for the collection, storage and regulatory reporting of a comprehensive range of trade
More informationMedical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions
Medical Privacy Version 2015.12.10 - Standard Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a
More informationMicrosoft Technologies
NETWORK ENGINEERING TRACK Microsoft Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationSRA International Managed Information Systems Internal Audit Report
SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...
More informationWhite Paper. BD Assurity Linc Software Security. Overview
Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about
More informationBOWMAN SYSTEMS SECURING CLIENT DATA
BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered
More informationSCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY
SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information
More informationMICROSOFT CERTIFIED SYSTEMS ENGINEER Windows 2003 Track
MICROSOFT CERTIFIED SYSTEMS ENGINEER Windows 2003 Track In recent years Microsoft s MCSE programs has established itself as the premier computer and networking industry certification. For the Windows 2003
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationSHARED WEB AND MAIL HOSTING SERVICE LEVEL AGREEMENT (SLA) 2010
SHARED WEB AND MAIL HOSTING SERVICE LEVEL AGREEMENT (SLA) 2010 This Service Level Agreement (SLA) ( Service Level Agreement or Agreement or SLA ) is by and between Bizcom Web Services, Inc. (the "Company")
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationLinux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications
NETWORK ENGINEERING TRACK Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use Office
More informationT146 Electro Mechanical Engineering Technician MTCU Code 51021 Program Learning Outcomes
T146 Electro Mechanical Engineering Technician MTCU Code 51021 Program Learning Outcomes Synopsis of the Vocational Learning Outcomes* The graduate has reliably demonstrated the ability to: 1. fabricate
More informationPrint4 Solutions fully comply with all HIPAA regulations
HIPAA Compliance Print4 Solutions fully comply with all HIPAA regulations Print4 solutions do not access, store, process, monitor, or manage any patient information. Print4 manages and optimize printer
More informationIowa Student Loan Online Privacy Statement
Iowa Student Loan Online Privacy Statement Revision date: Jan.6, 2014 Iowa Student Loan Liquidity Corporation ("Iowa Student Loan") understands that you are concerned about the privacy and security of
More informationMCSA Security + Certification Program
MCSA Security + Certification Program 12 credit hours 270 hours to complete certifications Tuition: $4500 Information technology positions are high-demand occupations that support virtually all industries.
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationI. EXECUTIVE SUMMARY. Date: June 30, 2015. Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services
Date: June 30, 2015 To: Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services From: Craig Trujillo, CPA, Deputy Chief Auditor CST Tele: Office 860-757-9952 Mobile 860-422-3600 City
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS
More informationMCOLES Information and Tracking Network. Security Policy. Version 2.0
MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on
More informationUNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C
UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C This Attachment addresses the Contractor s responsibility for safeguarding Compliant Data and Business Sensitive Information
More informationAbout this Course This 5 day ILT course teaches IT Professionals to design and deploy Microsoft SharePoint 2010.
Course 10231B: Designing a Microsoft SharePoint 2010 Infrastructure OVERVIEW About this Course This 5 day ILT course teaches IT Professionals to design and deploy Microsoft SharePoint 2010. Audience Profile
More informationTable of Contents. Introduction. Audience. At Course Completion
Table of Contents Introduction Audience At Course Completion Prerequisites Microsoft Certified Professional Exams Student Materials Course Outline Introduction This three-day instructor-led course provides
More informationIt s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing?
It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing? The AMC Privacy & Security Conference Series Securely Connecting Communities for Improved Health
More informationEmpowering the Enterprise Through Unified Communications & Managed Services Solutions
Continuant Managed Services Empowering the Enterprise Through Unified Communications & Managed Services Solutions Making the transition from a legacy system to a Unified Communications environment can
More informationRemote Deposit Terms of Use and Procedures
Remote Deposit Terms of Use and Procedures Use of American National Bank Fox Cities (Bank) Remote Deposit service is subject to the following Terms of Use and Procedures. Bank reserves the right to update
More informationDonna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationPLCs and SCADA Systems
Hands-On Programmable Logic Controllers and Supervisory Control / Data Acquisition Course Description This extensive course covers the essentials of SCADA and PLC systems, which are often used in close
More informationSecure Email Frequently Asked Questions
Secure Email Frequently Asked Questions Frequently Asked Questions Contents General Secure Email Questions and Answers Forced TLS Questions and Answers SecureMail Questions and Answers Glossary Support
More informationManagement Standards for Information Security Measures for the Central Government Computer Systems
Management Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...
More informationIBM Cognos TM1 on Cloud Solution scalability with rapid time to value
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationManaging and Maintaining Windows Server 2008 Servers
Managing and Maintaining Windows Server 2008 Servers Course Number: 6430A Length: 5 Day(s) Certification Exam There are no exams associated with this course. Course Overview This five day instructor led
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationEnsuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services
Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and
More informationDomain 5 Information Security Governance and Risk Management
Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationUniversity System of Maryland University of Maryland, College Park Division of Information Technology
Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationM6430a Planning and Administering Windows Server 2008 Servers
M6430a Planning and Administering Windows Server Servers Course 6430A: Five days; Instructor-Led Introduction This five-day instructor-led course provides students with the knowledge and skills to implement,
More informationAddressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationWellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More information167 th Air Wing Fast Track Cyber Program Blue Ridge Community and Technical College
167 th Air Wing Fast Track Cyber Program Blue Ridge Community and Technical College Information Security Certificate: Designed to introduce students to programming, security basics, network monitoring,
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationFormFire Application and IT Security. White Paper
FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development
More informationIndiana University of Pennsylvania Information Assurance Guidelines. Approved by the Technology Utilities Council 27-SEP-2002
Indiana University of Pennsylvania Information Assurance Guidelines Approved by the Technology Utilities Council 27-SEP-2002 1 Purpose... 2 1.1 Introduction... 2 1.1.1 General Information...2 1.1.2 Objectives...
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationUsing Managed Services As A Software Delivery Model In Canadian Health Care
Using Managed Services As A Software Delivery Model In Canadian Health Care September 9, 2005 Authors: Darren Jones Darcy Matras INTRODUCTION... 3 MANAGED SERVICES DEFINED... 4 MANAGED SERVICES OVERVIEW...
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationIndustrial Communications Training
Standards Certification Education & Training Publishing Conferences & Exhibits Industrial Communications Training Optimizing the flow and value of real-time data Expert-led training with real-world application
More informationHIPAA Transaction ANSI X12 835 Companion Guide
HIPAA Transaction ANSI X12 835 Companion Guide HIPAA ASC x12 V5010X279A1 Version: 1.0 11/1/2013 Document History DOCUMENT VERSION HISTORY TABLE Version Sections Revised Description Revised By Date 2 Table
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationWHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email
WHITE PAPER Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email EXECUTIVE SUMMARY Data Loss Prevention (DLP) monitoring products have greatly
More informationInformation Technology Cluster
Network Systems Pathway Information Technology Cluster Assistant Network Technician -- This major prepares students to install, configure, operate, and connections to remote sites in a wide area network
More informationBUSINESS ASSOCIATE AGREEMENT
Note: This form is not meant to encompass all the various ways in which any particular facility may use health information and should be specifically tailored to your organization. In addition, as with
More informationOne LAR Course Credits: 3. Page 4
Course Descriptions Year 1 30 credits Course Title: Calculus I Course Code: COS 101 This course introduces higher mathematics by examining the fundamental principles of calculus-- functions, graphs, limits,
More informationCompliance and Industry Regulations
Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy
More informationMusic Recording Studio Security Program Security Assessment Version 1.1
Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND
More information