IT Roles in Loss Prevention. Presented by: Ann Ostrander, Director of Loss Prevention Kirkland & Ellis LLP

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "IT Roles in Loss Prevention. Presented by: Ann Ostrander, Director of Loss Prevention Kirkland & Ellis LLP"

Transcription

1 IT Roles in Loss Prevention Presented by: Ann Ostrander, Director of Loss Prevention Kirkland & Ellis LLP

2 What is Loss Prevention (Risk Management)? Mitigate risk Protect the Firm s assets Departments can include: Records Management Conflicts Docket Audit Letters ARDC Registration IRS Reporting for Corporate Transactions Coordination of Lobbying Activity Reporting

3 What does this have to do with IT? We are protecting the I in IT The I is a primary Firm asset Improperly managing the I can create risk events IT is often the control point for the I

4 Types of Risk Wrongdoing - deliberate negligence Mistakes Bad policies Bad procedures Lack of knowledge Mismanagement Risk against the lawyer s duty to protect clients confidential information

5 Areas of IT Strategy Infrastructure/Networking Help Desk/User Support Desktop Applications Enterprise Applications Litigation Support Development

6 Strategy Risk must be assessed at every level of the overall strategic technology plan How information is captured/created/received? How it is accessed and by whom? How information is used and transmitted? How information is disposed of? How will systems integrate to reduce proliferation? Classification, retention and access

7 Risk vs. Impact (or Firm vs. User) High Risk Firm Low Risk Negative Business Impact User Positive Business Impact

8 Infrastructure/Networking/IT Security Data protection and security Decommissioning servers, laptops, desktops Backup tapes Disaster Recovery Removable Media Password change frequency Encryption Website traffic

9 Help Desk/User Support The belly of the beast Access to information Activity of information Adding Deleting Printing Copying/Transferring Often the warning system for risk events Business risk events Records risk events Using controls to manage the risk

10 Information Management Lifecycle (source: KPMG) Phase 2 Storage Access Control Structured v. Unstructured Integrity/Confidentiality ti Availability Phase 1 Generation Ownership Classification Governance Phase 3 Use Internal v. External Third Party Appropriateness Phase 7 Compliance Compliance & Audit Monitoring Process & Controls Phase 4 Transmission Public v. Private Networks Encryption Requirements Access Control Phase 5 Archival Legal & Compliance Offsite Considerations Media Concerns Phase 6 Destruction Secure Destruction Record Retention

11 Desktop Applications Lifecycle of information Capture/Create/Receive Use/Circulation/Transmission Short Term storage Long Term storage Disposition Locking down the desktop Applying ethical walls and protecting confidentiality

12 Enterprise Applications Determine personal control vs. Firm control Establish matter information owners Establish proper access controls Establish consistent, repeatable procedures for incoming/departing personnel and transferring information to the client Two biggies (automatic addresses, reply all, metadata, spam, retention periods) DMS (classification, retention, access)

13 Litigation Support Are you using internal staff to handle Firm discovery requests? The devil is in the details Consider outsourcing internal discovery Consider conflicts checks on lit support staff

14 Development Don t develop in a vacuum; requires coordinated effort to reduce proliferation of information Consider Lifecycle Access Classification Preservation Retention/Destruction Back-up

15 Key Issues Classification (structured vs. unstructured data) Retention, Preservation, Destruction (develop an exit strategy, how will you preserve, how will you securely destroy) Security, Protection, Access (ethical walls, confidential matters)

16 What if I don t have a Loss Prevention Department? General Counsel Litigation Partner Records Manager Malpractice insurance carrier ABA Model Rules of Professional Conduct Ethics Opinions BNA Lawyers Manual on Professional Conduct

17 Great resources Information Nation: Seven Keys to Information Management (author Randolph Kahn, Esq.) Thank you!

E-mail Management: A Guide For Harvard Administrators

E-mail Management: A Guide For Harvard Administrators E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered

More information

R Scott Murchison CRM

R Scott Murchison CRM R Scott Murchison CRM SVP Information Governance Service Kaizen InfoSource LLC Information Management s Impacts on Litigation and ediscovery Relationship of IM and Litigation Role of Information Manager

More information

Discovery Technology Group

Discovery Technology Group Discovery Technology Group E-mail Retention: Readiness Survey E-mail now represents the largest source of new documents and records generated within a company, and the most troublesome from a retention

More information

Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008

Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008 Document version: 2.8 Issued to: Harbinger Escrow Services Issued by: Harbinger Group Pty Limited Delivered on: 18 March 2008 Harbinger Group Pty Limited, Commercial in Confidence Table of Contents 1 Introduction...

More information

Information Governance

Information Governance Information Governance The New Records Management Rudy Moliere Director, Information Goverance & Records Management Terrence J. Coan, CRM Senior Director Information Management Practice Agenda Introductions

More information

B. Preservation is not limited to simply avoiding affirmative acts of destruction because day-to-day operations routinely alter or destroy evidence.

B. Preservation is not limited to simply avoiding affirmative acts of destruction because day-to-day operations routinely alter or destroy evidence. This is a sample approach to developing a sound document collection process, referenced at Section II(7)(vi) of the Guidelines on Best Practices for Litigating Cases Before the Court of Chancery. It should

More information

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline) CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline) David J. Chavolla, Esq. and Gary L. Kemp, Esq. Casner & Edwards, LLP 303 Congress Street Boston, MA 02210 A. Document and Record Retention Preservation

More information

Electronic Discovery How can I be prepared? September 2010

Electronic Discovery How can I be prepared? September 2010 Electronic Discovery How can I be prepared? September 2010 Presented by Brian Wilkinson, Director of ediscovery & Computer Forensics brian.wilkinson@us.pwc.com 410-659-3473 Table of Contents Page 1 Electronic

More information

What We ll Cover. Defensible Disposal of Records and Information Litigation Holds Information Governance the future of records management programs

What We ll Cover. Defensible Disposal of Records and Information Litigation Holds Information Governance the future of records management programs What We ll Cover Foundations of Records and Information Management Creating a Defensible Retention Schedule Paper v. Electronic Records Organization and Retrieval of Records and Information Records Management

More information

The Ethical Obligations of an Attorney When Using Technology

The Ethical Obligations of an Attorney When Using Technology The Ethical Obligations of an Attorney When Using Technology A Cell Phone Does Not Create an Invisible Cone of Silence and Other Adventures on the New Frontier David I. Bloom Partner (202) 263 3204 dbloom@mayerbrown.com

More information

State of Michigan Records Management Services. Guide to E mail Storage Options

State of Michigan Records Management Services. Guide to E mail Storage Options State of Michigan Records Management Services Guide to E mail Storage Options E mail is a fast, efficient and cost effective means for communicating and sharing information. However, e mail software is

More information

EMAIL MANAGEMENT GUIDELINES

EMAIL MANAGEMENT GUIDELINES EMAIL MANAGEMENT GUIDELINES FOR COUNTIES AND MUNICIPALITIES 1. Purpose The purpose of these guidelines is to ensure that the electronic mail records of county and municipal government officials and employees

More information

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Name: Position held: Company Name: Is your organisation ISO27001 accredited: Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:

More information

Southern Law Center Law Center Policy #IT0004. Title: Email Policy

Southern Law Center Law Center Policy #IT0004. Title: Email Policy Southern Law Center Law Center Policy #IT0004 Title: Email Policy Authority: Department Original Adoption: 7/20/2007 Effective Date: 7/20/2007 Last Revision: 9/17/2012 1.0 Purpose: To provide members of

More information

Congregation Data Security Education

Congregation Data Security Education Congregation Data Security Education Data Security Risks Incoming and Outgoing Internet Traffic Remote Access Outbound Email Improperly Discarded Paper Portable Media Devices (i.e. laptops, flash drives,

More information

The Future of Records Management. Senior Director, Loss Prevention Project Manager/Developer

The Future of Records Management. Senior Director, Loss Prevention Project Manager/Developer The Future of Records Management Ann Ostrander Jimmy Lam Senior Director, Loss Prevention Project Manager/Developer Kirkland & Ellis LLP Loeb & Loeb LLP Agenda What is driving the change? People Technology

More information

PROCEDURES FOR ELECTRONIC MANAGEMENT OF RULEMAKING AND OTHER DOCKETED RECORDS IN THE FEDERAL DOCKET MANAGEMENT SYSTEM

PROCEDURES FOR ELECTRONIC MANAGEMENT OF RULEMAKING AND OTHER DOCKETED RECORDS IN THE FEDERAL DOCKET MANAGEMENT SYSTEM Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 PROCEDURES FOR ELECTRONIC MANAGEMENT OF RULEMAKING AND OTHER DOCKETED RECORDS IN THE FEDERAL DOCKET MANAGEMENT

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

This policy is not designed to use systems backup for the following purposes:

This policy is not designed to use systems backup for the following purposes: Number: AC IT POL 003 Subject: Backup and Restore Policy 1. PURPOSE The backup and restore policy establishes the need and rules for performing periodic system backup to permit timely restoration of Africa

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks; Enterprise Content Management (ECM) Policy Version Information A. Introduction Purpose 1. Outline and articulate the strategy for enterprise content management across Redland City Council (RCC). This document

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Special Report: ROI of Records Management for Legal Discovery

Special Report: ROI of Records Management for Legal Discovery Special Report: ROI of Records Management for Legal Discovery Page 1 Table of Contents Table of Contents 2 Introduction 3 2010 Litigation Cost Survey 3 Legal Discovery Process 4 ROI Scenarios 7 Other Savings

More information

Data Security Policy

Data Security Policy Policy Number: Revision Number: 0 QP1.44 Date of issue: March 2009 Status: Approved Date of approval: April 2009 Responsibility for policy: Responsibility for implementation: Responsibility for review:

More information

Part 2: Records and Information Management: Creation and Use

Part 2: Records and Information Management: Creation and Use Records and Information Management: Creation and Use Part 2: Records and Information Management: Creation and Use Creating Records and Information Information Capture and Use Legal Compliance Risk Assessment

More information

Result Categories of Electronic Discovery Searches

Result Categories of Electronic Discovery Searches May 2004 Volume 2, Number 2 Result Categories of Electronic Discovery Searches Table of Contents The Ethical Implications of Your Computer Result Categories of Electronic Discovery Searches Lawyers often

More information

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER The IT Manager's Role in Proactive Information Retention and Disposition Management: Balancing ediscovery and Compliance Obligations with IT Operational and Budget Constraints Sponsored by:

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

Dublin City University

Dublin City University Asset Management Policy Asset Management Policy Contents Purpose... 1 Scope... 1 Physical Assets... 1 Software Assets... 1 Information Assets... 1 Policies and management... 2 Asset Life Cycle... 2 Asset

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Local Area Networking

Local Area Networking Local Area Networking prashant.mali@cyberlawconsulting.com By Prashant Mali LAN Issues Local Area Networks evolved from stand-alone PCs Control and safety features found commonly in multi-user systems

More information

Email Management Trends, Troubles, and Solutions

Email Management Trends, Troubles, and Solutions Email Management Trends, Troubles, and Solutions Kevin O Connor General Manager, Content Management & Archiving 1 Information Challenges Lead to Archiving Data Growth Digital Proliferation Cost Escalating

More information

Building an ROI Business Case for Email Archiving. Redgrave Daley Ragan & Wagner LLP

Building an ROI Business Case for Email Archiving. Redgrave Daley Ragan & Wagner LLP Redgrave Daley Ragan & Wagner LLP 1 Introduction Over the past several years, the reliance that organizations place on e-mail as their primary form of business communication has grown exponentially. The

More information

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4 9. GOVERNANCE Policy 9.8 RECORDS MANAGEMENT POLICY Version 4 9. GOVERNANCE 9.8 RECORDS MANAGEMENT POLICY OBJECTIVES: To establish the framework for, and accountabilities of, Lithgow City Council s Records

More information

Email Retention and Archiving

Email Retention and Archiving Personnel Connections Email Retention and Archiving 10 a.m. August 21, 2009 John L. Baines OIT Security and Compliance Agenda NC State Government & University Email References Background Governor s Email

More information

Records and Information Management and Retention

Records and Information Management and Retention Records and Information Management and Retention Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit March 13, 2012 3 pm ET W. Warren Hamel Venable LLP 750 E. Pratt St. Baltimore,

More information

Gain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services

Gain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services ONE SOLUTION Maximize the Business Value of Your Information Gain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services In today s world, information whether in paper or digital

More information

EFFECTIVE DATE: JULY 1, 2010

EFFECTIVE DATE: JULY 1, 2010 Town of Florence POLICY TITLE: EMAIL RETENTION POLICY RESPONSIBLE DEPARTMENT: Town Clerk Office APPROVAL: EFFECTIVE DATE: JULY 1, 2010 AP / RESOLUTION NO.: 2010-02 REFERENCES: TOWN MANAGER SIGNATURE: TOWN

More information

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation

More information

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009 RECORDS AND INFORMATION Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009 PURPOSE Penn West recognizes that responsible

More information

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention State of Michigan Records Management Services Frequently Asked Questions About E mail Retention It is essential that government agencies manage their electronic mail (e mail) appropriately. Like all other

More information

From Archiving to Legal Holds: Comprehensive Information Management

From Archiving to Legal Holds: Comprehensive Information Management April 21 st, 2010 From Archiving to Legal Holds: Comprehensive Information Management John Jablonski, Esq., Partner, Goldberg Segalla, LLP Wayne Wong, Managing Consultant, Kroll Ontrack 2010 Kroll Ontrack

More information

Table of Contents. Chapter No. 1. Introduction 1. 2. Objective 1. 3. E-mail Use Compliance 1. 4. Definitions 2. 5. Roles and Responsibilities 2

Table of Contents. Chapter No. 1. Introduction 1. 2. Objective 1. 3. E-mail Use Compliance 1. 4. Definitions 2. 5. Roles and Responsibilities 2 Table of Contents Chapter Subject Page No. 1. Introduction 1 2. Objective 1 3. E-mail Use Compliance 1 4. Definitions 2 5. Roles and Responsibilities 2 6. Creation and Use of E-mails 3 7. Managing E-mails

More information

Director, Value Engineering

Director, Value Engineering Director, Value Engineering April 25 th, 2012 Copyright OpenText Corporation. All rights reserved. This publication represents proprietary, confidential information pertaining to OpenText product, software

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

RECORDKEEPING MATURITY MODEL

RECORDKEEPING MATURITY MODEL Introduction Maturity Rating Definitions 1 Level 1 Inadequate/Sub-standard Practice is not formalised or documented. Processes and practices are fragmented or non-existent. Where processes and practices

More information

CMA Shipping 2015. Ethics and E-Discovery in Shipping Disputes

CMA Shipping 2015. Ethics and E-Discovery in Shipping Disputes CMA Shipping 2015 Ethics and E-Discovery in Shipping Disputes March 25, 2015 Vincent J. Foley, Holland & Knight LLP (212) 513-3357 vincent.foley@hklaw.com CMA Shipping 2015 Ethics and E-Discovery for Shipping

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval

More information

Retention & Disposition in the Cloud Do you really have control?

Retention & Disposition in the Cloud Do you really have control? InterPARES Trust Retention & Disposition in the Cloud Do you really have control? Franks Patricia, San Jose State University, San Jose, USA and Alan Doyle, University of British Columbia, Canada October

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS

DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS Overview. DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS A comprehensive and consistently applied document retention policy is necessary to reduce the risk of being charged with spoliation

More information

Results through the. Results Power of Experience

Results through the. Results Power of Experience Results through the Results Power of Experience GOVERNANCE RULES FOR E- DISCOVERY: BEING PROACTIVE Presented by Fred V. Diers Vice President Governance, Risk & Compliance Practice www.judge.com fdiers@judge.com

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

8. RECORDS AND INFORMATION MANAGEMENT

8. RECORDS AND INFORMATION MANAGEMENT 8. RECORDS AND INFORMATION MANAGEMENT Overview This chapter is intended to help public bodies understand how good records and information management practices assist in the effective administration of

More information

8/28/2015. How to Manage Records. Overview. Learning Objectives. Do you have? Does your office look like this?

8/28/2015. How to Manage Records. Overview. Learning Objectives. Do you have? Does your office look like this? How to Manage Records Records Management Services State of Michigan Overview Common Recordkeeping Problems Risk Management Keeping Records Storing Records Destroying Records Getting Organized Learning

More information

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9 ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9 Purpose: The purpose of this policy is to establish guidelines for proper use of all forms of electronic media. As used in this policy, electronic media includes,

More information

4.10 Information Management Policy

4.10 Information Management Policy Policy Statement Information is a strategic business resource that the must manage as a public trust on behalf of Nova Scotians. Effective information management makes program and service delivery more

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY PURPOSE The purpose of this policy is to: Assist departments in effective utilization of space and efficient information retrieval; Establish guidelines for disposal of records;

More information

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07 INTERNATIONAL SOS Data Retention, Archiving and Destruction Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: January 2009 Revised: 2015 All copyright in these materials

More information

Information Governance & Records Management for Today's World

Information Governance & Records Management for Today's World May 19-22, 2014, Toronto ON Canada Information Governance & Records Management for Today's World Presented by Colin Cahill LI22 5/20/2014 1:15 PM - 2:45 PM The handouts and presentations attached are copyright

More information

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13. Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

More information

Wood River Land Trust LTA Standard 2: Compliance with Laws 2B: Incorporation/Bylaws 2C: Tax Exemption 2D: Records Policy 2E: Public Policy

Wood River Land Trust LTA Standard 2: Compliance with Laws 2B: Incorporation/Bylaws 2C: Tax Exemption 2D: Records Policy 2E: Public Policy Wood River Land Trust LTA Standard 2: Compliance with Laws 2A: Compliance 2B: Incorporation/Bylaws 2C: Tax Exemption 2D: Records Policy 2E: Public Policy Policy: The Land Trust will fulfill its legal requirements

More information

OFFICE OF CHIEF COUNSEL OPERATION R.E.D. GUIDANCE

OFFICE OF CHIEF COUNSEL OPERATION R.E.D. GUIDANCE OFFICE OF CHIEF COUNSEL OPERATION R.E.D. GUIDANCE Operation R.E.D. is a two-month Chief Counsel event the goal of which is to refresh employees awareness of existing policies and procedures regarding safeguarding

More information

UNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY

UNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment

More information

CITY OF ELK GROVE CITY COUNCIL STAFF REPORT

CITY OF ELK GROVE CITY COUNCIL STAFF REPORT CITY OF ELK GROVE CITY COUNCIL STAFF REPORT AGENDA ITEM NO. 8.4 AGENDA TITLE: Adopt resolution establishing policy for the retention of electronic mail records and call recordings maintained by IT Services

More information

UNIVERSITY OF MANITOBA PROCEDURE

UNIVERSITY OF MANITOBA PROCEDURE UNIVERSITY OF MANITOBA PROCEDURE Procedure: Parent Policy: Effective Date: June 23, 2015 Revised Date: Review Date: June 23, 2025 Approving Body: Authority: Responsible Executive Officer: Delegate: Contact:

More information

DOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents

DOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents WhitePaper Concise Guide to E-discovery Contents i. Overview ii. Importance of e-discovery iii. How to prepare for e-discovery? iv. Key processes & issues v. The next step vi. Conclusion Overview E-discovery

More information

Retention & Disposition of Records Residing in a Public Cloud: A Risk Management Approach

Retention & Disposition of Records Residing in a Public Cloud: A Risk Management Approach Retention & Disposition of Records Residing in a Public Cloud: A Risk Management Approach Patricia C. Franks, PhD, IGP, CA, CRM International Symposium October 17, 2014 to mitigate risk Not all information

More information

Backup Policy. Document Title: No. Pages 5. Document Type: Policy. Scope: OCIO, Operations Branch

Backup Policy. Document Title: No. Pages 5. Document Type: Policy. Scope: OCIO, Operations Branch Document Title: Backup Policy Document Type: Policy No. Pages 5 Scope: OCIO, Operations Branch Trim Number: DOC02866/2007 Revision: 3 Treasury Board Approval: TBM 2007-300 Date Implemented: 2011/03/08

More information

The Portcullis Guide to Disclosing Electronically Stored Information (ESI)

The Portcullis Guide to Disclosing Electronically Stored Information (ESI) The Portcullis Guide to Disclosing Electronically Stored Information (ESI) Portcullis Computer Security Limited www.portcullis-security.com http://labs.portcullis.co.uk/ Tel: +44 (0)20 8868 0098 Email:

More information

The Next Frontier. for Records Managers. Retention and Disposition of Structured Data:

The Next Frontier. for Records Managers. Retention and Disposition of Structured Data: Retention and Disposition of Structured Data: The Next Frontier for Records Managers Establishing a relationship with IT managers and learning about the basics of system technology will help the records

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Solution Overview: Data Protection Archiving, Backup, and Recovery Unified Information Management for Complex Windows Environments

Solution Overview: Data Protection Archiving, Backup, and Recovery Unified Information Management for Complex Windows Environments Unified Information Management for Complex Windows Environments The Explosion of Unstructured Information It is estimated that email, documents, presentations, and other types of unstructured information

More information

INFORMATION SECURITY GUIDELINES

INFORMATION SECURITY GUIDELINES INFORMATION SECURITY GUIDELINES TABLE OF CONTENTS: Scope of Document 1 Data Definition Guidelines (Appendix 1).2 Data Protection Guidelines (Appendix 2).3 Protection of Electronic or Machine- Readable

More information

HIPAA Compliance Evaluation Report

HIPAA Compliance Evaluation Report Jun29,2016 HIPAA Compliance Evaluation Report Custom HIPAA Risk Evaluation provided for: OF Date of Report 10/13/2014 Findings Each section of the pie chart represents the HIPAA compliance risk determinations

More information

Congregation Identity Theft Education Program

Congregation Identity Theft Education Program Congregation Identity Theft Education Program Definition - PII Personal Identity Information (PII) is defined as any data that can be used by a third party to steal an individual s or entity s identity

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

Rule 30(b)(6) Depositions in Electronic Discovery. Discovering What There Is to Discover

Rule 30(b)(6) Depositions in Electronic Discovery. Discovering What There Is to Discover : Discovering What There Is to Discover One of the challenges in electronic discovery is identifying the various sources of electronically stored information (ESI) that could potentially be relevant to

More information

Proactive Data Management for ediscovery

Proactive Data Management for ediscovery Proactive Data Management for ediscovery Simon Taylor Snr. Director Information Management CommVault Systems Inc. Why ediscovery sucks for IT The US Federal Rules of Civil Procedure Rule 34(a), (b) Definition

More information

Records and Information Management

Records and Information Management Records and Information Management Elizabeth Adkins Dir., Information Governance Grant Thornton LLP Raquel Tamez Chief Legal Officer SourceAmerica Patrick Oot Partner Shook, Hardy & Bacon, LLP Records

More information

Records Management Policy

Records Management Policy Records Management Policy Policy Reference Number Responsible Department Related Policies 34CP Corporate & Community Services Code of Conduct for Elected Members, Code of Conduct for Employees, Internet,

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Arizona State Library, Archives and Public Records

Arizona State Library, Archives and Public Records Arizona State Library, Archives and Public Records RECORDS MANAGEMENT DIVISION 1919 West Jefferson Phoenix, Arizona 85009 (602) 542-3741 Managing Public Records Sent and Received Via Electronic Mail These

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

August 6, 2015. Technology 101 for the Corporate Lawyer

August 6, 2015. Technology 101 for the Corporate Lawyer August 6, 2015 Technology 101 for the Corporate Lawyer The Presenters Scott Plichta Chief Information Security Officer Corporation Service Company Jennifer K. Mailander Associate General Counsel Corporation

More information

Best Practices Series Document Retention and Best Practices

Best Practices Series Document Retention and Best Practices Best Practices Series Document Retention and Best Practices 1. Sarbanes Oxley Act provides guidance to businesses Sections 802 and 1102 of SOX make it a crime to alter, cover up, falsify, or destroy any

More information

A Lawyer s Guide to Records Management Issues

A Lawyer s Guide to Records Management Issues A Lawyer s Guide to Records Management Issues Important Considerations When Establishing a Workable File Retention and Destruction Policy It s Chubb. Or it s Chance. 2005 Chubb & Son, a division of Federal

More information

Information and records management. Purpose. Scope. Policy

Information and records management. Purpose. Scope. Policy Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of corporate information and records within NZQA.

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

UMHLABUYALINGANA MUNICIPALITY

UMHLABUYALINGANA MUNICIPALITY UMHLABUYALINGANA MUNICIPALITY BACKUP AND RESTORE POLICY Backup and Restore Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Originator Recommended by Director of

More information

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013 CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

University of Pittsburgh Security Assessment Questionnaire (v1.5)

University of Pittsburgh Security Assessment Questionnaire (v1.5) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided

More information