Policy on the Security of Informational Assets
|
|
- Benedict Bryant
- 8 years ago
- Views:
Transcription
1 Policy on the Security of Informational Assets Policy on the Security of Informational Assets 1
2 1. Context Canam Group Inc. recognizes that it depends on a certain number of strategic information resources in order to pursue its activities and its mission. It also recognizes that information in all its forms is essential to accomplishing its current operations and, consequently, that all information must be used appropriately and protected adequately in accordance with existing legislation, such as Bill C-198, and best security practices. 2. Objectives The Policy on the Security of Informational Assets expresses Canam Group Inc.'s position with respect to the security measures it deems critical to the protection of its informational assets. This policy aims to define the rules governing the protection of these informational assets, to ensure the pursuit of the company's activities in accordance with its legal and administrative obligations and to ensure the security of the numerical data and the personal or sensitive information it gathers, owns, maintains, uses or exchanges electronically. This policy also identifies and defines the responsibilities of those in charge of its implementation and those who use the informational assets of Canam Group Inc. 3. Definition Informational assets: The informational assets of Canam Group Inc. include the documents produced or received within the scope of the company's operations, regardless of the transmission means used (paper, electronic, verbal or other), computer hardware, computer applications and documents required for their smooth operation, software and software packages, data processing and electronically processed data. 4. Scope 4.1 Assets targeted This policy applies both to information and informational assets: owned or maintained by Canam Group Inc.; owned by Canam Group Inc. and used or maintained by a service provider or third party; owned by a service provider or third party and used by either of them for the benefit of Canam Group Inc. Policy on the Security of Informational Assets 2
3 4.2 People targeted This policy is aimed at: all employees of Canam Group Inc., regardless of their status (regular, occasional, trainee, contractual or management); any person required to use these informational assets in the course of performing work or rendering services on behalf of a partner or supplier on the premises of Canam Group Inc. or other premises. Each employee must read this policy and confirm by electronic means that he/she has received a copy of the policy, has read it, understands it and undertakes to comply with it. For further information on this policy, please contact the Informational Asset Security Officer at Canam Group Inc. 5. Use of information systems 5.1 Property Any computer hardware, software or services purchased, leased or developed by the company remains the property of the company. Any program developed or any information used or produced in any form whatsoever by means of the company's information systems becomes the exclusive property of the company. 5.2 Security Access to the company's computerized services requires a User ID and one or more passwords. The employee is forbidden to allow anyone whatsoever to gain access to these services by using his/her personal ID. The employee assumes full responsibility for any action related to his/her account. Employees authorized to access Canam Group Inc. s systems via the Internet are given an "authentication key" (CryptoCard), which is used to generate onetime passwords. This key is the property of the company and should under no circumstances be loaned. Policy on the Security of Informational Assets 3
4 5.3 Information network Access-control mechanisms, such as firewalls, prevent and detect unauthorized access to the network Security measures designed to protect both the network and access to the Internet ensure the continuity of operations Security measures designed to protect data circulating on the network and on the Internet (e.g., encryption) are put in place to prevent any unauthorized person from intercepting sensitive data. 5.4 Internet use The Internet must be used strictly for business purposes and only during regular working hours. Employees are granted the privilege of using the Internet for personal purposes during breaks and meal periods, but should be aware that such use is restricted as to content. Acceptable content excludes any pornographic, discriminatory or offensive site or information. Accordingly, the company has a control system in place to limit access to certain categories of sites and to allow a detailed follow-up of Internet use. Downloading material from the Internet is strictly forbidden, unless it is clearly within the scope of the employee's duties. 5.5 Workstation The above content restrictions also apply to all files kept on a workstation as well as all "screensavers" and "backgrounds" used. 6. Electronic mail ( ) 6.1 Property Any sent or received via a company computer is the property of the company and may be subject to scrutiny. service is provided as a means of improving employee communications and productivity and must be used for business purposes only. From a practical point of view, the company permits use for personal purposes, but such use remains subject to scrutiny by the company and must be consistent with the company's policy, its current ethical and moral standards and the legislation applicable to the region in which the company operates. Audits will only be conducted by personnel authorized by the company and when circumstances warrant it. Employees recognize that they have no assurance of confidentiality in their communications by . Policy on the Security of Informational Assets 4
5 6.2 Postings The company provides each of its business locations with an electronic bulletin board, accessible via the intranet, to allow employees to post messages of general interest, such as offers to sell or purchase, and other material unrelated to the company s business. 6.3 Confidentiality s should not be viewed as totally confidential given that they are transmitted electronically. Employees should be aware of this when transmitting information of a confidential or proprietary nature. The company will take the necessary measures to protect electronically transmitted messages by preventing their unauthorized interception or modification; however, it is impossible to assure employees of the absolute reliability or confidentiality of electronic messaging. 6.4 Prohibited uses The company's electronic messaging services must not be used in an improper or abusive manner. Accordingly, it is forbidden to: distribute copyrighted material without being duly authorized to do so; send rude, inappropriate or offensive messages, such as racial, sexual or religious slurs; send and/or accept software or software components including attachments that may contain offensive jokes, explicit pictures or files with the suffix.mov,.avi,.exe or.com (types of attachments which are often used to transmit "viruses" to workstations); accept and forward "chain letters" by ; use for solicitation purposes on behalf of external firms or in connection with personal events, charitable organizations, membership in an organization, political or religious causes or for any other purpose unrelated to the company's business. 7. Software management Software represents a major investment for the company. Software refers not only to products purchased from third parties, but also to those developed in-house as well as to related documentation. All software must be safeguarded in such a way as to protect them against unlawful duplication or fraudulent use. Policy on the Security of Informational Assets 5
6 7.1 Licences The company and its employees will comply with the terms and conditions of software license agreements and copyright provisions associated with registered software, software that has been developed in-house and shareware, whether in the public domain or belonging to third parties. The company has adequate control mechanisms in place to ensure that: the company is complying with the license agreements that come with all approved software installed on computers owned or leased by the company; all software and related documentation are protected against unlawful duplication and fraudulent use; software is copied solely for disaster recovery purposes and/or in accordance with the terms and conditions of applicable license agreements. 7.2 Installation All software must be installed by EDP Operations (Electronic Data Processing) personnel to ensure that all workstations have the same configuration. Any unauthorized software will be removed. 7.3 Audits Software suppliers have the right to conduct audits at the company's facilities to ensure that it is complying with the terms and conditions of their license agreements. To ensure such compliance, the company reserves the right to inspect any and all hard drives on a regular basis to make sure that it does indeed hold the license required for every copy of software installed on a hard drive. 8. Continuity of data processing activities The company has written, tested and updated disaster emergency measures in place to ensure the recovery of its critical information systems (within a reasonable timeframe) in the event of a major disaster (e.g., fire, hacking, extended power outage, flooding or maliciousness). 9. Security awareness and training Every manager must raise his/her staff's awareness of the need to protect informational assets, the consequences of a security breach, and the roles and responsibilities of all employees in his/her department or administrative unit with respect to the protection of these assets. Policy on the Security of Informational Assets 6
7 Managers must also make sure that the members of their staff are trained to use informational assets properly and to take all the necessary security precautions to safeguard them in order to minimize the risks of a security breach. 10. Physical security in the workplace Measures to control access to the workplace and the informational assets found there are in place, implemented and kept up-to-date. All computer hardware owned or leased by Canam Group Inc. is identified and classified, and an inventory of all hardware is kept up-to-date. 11. Reporting of incidents Every user has an obligation to immediately report to the person assigned to the security of informational assets any act that may represent an actual or alleged security breach (e.g., theft, intrusion into a network or system, deliberate damage, abusive or fraudulent use). 12. Partners and suppliers Contracts and agreements signed with any Canam Group Inc. partner or supplier must include recognized provisions guaranteeing their compliance with the company s information security requirements. 13. Right of inspection Canam Group Inc. has a right of inspection with respect to the utilization of informational assets by users. This right of inspection will be exercised in accordance with the Canadian Charter of Rights and Freedoms (R.S.C., 1985, c. 42) and the Quebec Charter of Rights and Freedoms (R.S.Q., c. 12). 14. Roles and responsibilities 14.1 President and Chief Operating Officer The President and Chief Operating Officer is the person ultimately responsible for the security of informational assets at Canam Group Inc. In this capacity, he approves the Policy on the Security of Informational Assets and defines related values and policy directions, and ensures that the policy, values and policy directions are communicated to company personnel. He oversees the implementation of the Policy on the Security of Informational Assets and the normative framework derived from it. Policy on the Security of Informational Assets 7
8 He assigns specific, clearly defined responsibilities to the people responsible for the security of Canam Group Inc. s informational assets. He sets up an informational asset security committee and appoints an informational asset security officer to represent him on this issue within Canam Group Inc. and to carry out all of the above measures Informational Asset Security Committee The mandate of the Informational Asset Security Committee is primarily to "approve and recommend for approval by the President and Chief Operating Officer the priorities, policy directions, management framework, policies, guidelines and other strategic matters pertaining to the security of the company's informational assets", after ensuring that they are consistent with the relevant laws, policy directions, policies, guidelines and other recommendations made by senior management. Role and responsibilities of the Informational Asset Security Committee To fulfill its mandate, the Committee must: see annually to the development, implementation, approval and follow-up of a master plan and departmental action plans on the security of informational assets; authorize projects related to the security of informational assets, based on approved budgets; assign activities related to the security of informational assets to working groups or to certain members of personnel; inform the President and Chief Operating Officer when unforeseen circumstances related to the security of informational assets arise. Canam Group Inc. s Informational Asset Security Committee is composed of the following members: the Vice President of Information Technologies; the Systems Development Manager; the EDP Operations Manager; the Informational Asset Security Officer Informational Asset Security Officer As the appointed representative of the President and Chief Operating Officer on informational asset security matters, the Informational Asset Security Officer manages and coordinates the security of Canam Group Inc. s informational assets. Policy on the Security of Informational Assets 8
9 In this role, he: advises senior management on potential security risks and on disaster mitigation strategies; recommends to senior management strategic policy directions and intervention priorities pertaining to the security of informational assets; coordinates all security-related actions approved by the various process and informational asset owners; plans and coordinates all the activities necessary for ongoing IT services in the event of a disaster; develops, recommends for approval, implements, manages and evaluates the master plan on the security of informational assets; is responsible for developing and implementing security awareness and training programs, IT security policies, standards and procedures, as well as the authority record; serves as secretary for the Informational Asset Security Committee; coordinates and follows up on all activities resulting from the master plan and action plans on the security of informational assets Systems Development team The Systems Development team ensures that Canam Group Inc. s security requirements are implemented throughout the life cycle of numerical data. It puts in place and implements secure Systems Development practices to ensure that the security functions (availability, integrity, confidentiality, authentication and irrevocability) are applied in accordance with the requirements and access rights defined by the various process and informational asset owners. It provides these latter with the support and advice they need to protect their informational assets, limits the access to information of the IT staff under its authority to information they require to be able to perform their duties, and approves and implements procedures, practices and standards on the security of informational assets. Policy on the Security of Informational Assets 9
10 14.5 Managers With respect to the protection of informational assets, managers must primarily: inform their employees and raise their awareness of the provisions of this policy and the terms and conditions of its implementation; ensure that informational assets are used in accordance with the general principles and other requirements of this policy; be able to justify the use made of informational assets by their employees Users Informational asset users must: be fully aware of, understand and comply with the Policy on the Security of Informational Assets; use informational assets for the purposes for which they are intended and access them only with the User ID and password(s) assigned specifically to them; comply with established guidelines and procedures and with the provisions of this policy. 15. Final provisions 15.1 Sanctions When an informational asset user contravenes this policy or the in-house guidelines derived from this policy, the VP Human Resources will determine, based on the nature and seriousness of the case, whether to apply a disciplinary or administrative sanction, such as a reprimand, suspension, termination, or even the revocation of the right to use any informational assets whatsoever. The VP Human Resources is at liberty to transfer to a judicial authority any information he/she has in connection with a case of this nature which would indicate that an existing law or regulation has been breached Review This policy must be reviewed on a regular basis and no later than three years after it takes effect and whenever changes occur that may affect its content in order to ensure that it fully satisfies the security requirements of Canam Group Inc. Policy on the Security of Informational Assets 10
11 15.3 Implementation and follow-up of the policy The Informational Asset Security Officer is responsible for the implementation of this policy Effective date of the policy This policy takes effect on the date of its approval by the President and Chief Operating Officer Approval The Policy on the Security of Informational Assets is approved by the President and Chief Operating Officer. APPROVED BY: DATE: Policy on the Security of Informational Assets 11
The City reserves the right to inspect any and all files stored in private areas of the network in order to assure compliance.
1.0 PURPOSE: Internet access to global electronic information sources on the World Wide Web is provided by the City of Battle Creek to assist in obtaining work-related data and technology. The following
More informationPolicy for the Acceptable Use of Information Technology Resources
Policy for the Acceptable Use of Information Technology Resources Purpose... 1 Scope... 1 Definitions... 1 Compliance... 2 Limitations... 2 User Accounts... 3 Ownership... 3 Privacy... 3 Data Security...
More informationAPHIS INTERNET USE AND SECURITY POLICY
United States Department of Agriculture Marketing and Regulatory Programs Animal and Plant Health Inspection Service Directive APHIS 3140.3 5/26/2000 APHIS INTERNET USE AND SECURITY POLICY 1. PURPOSE This
More informationAPPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES
APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS (INCLUDING INTERNET & E-MAIL) EMC CORPORATE POLICY COPYRIGHT 2007 EMC CORPORATION. ALL RIGHTS RESERVED. NO PORTION OF THIS MATERIAL MAY BE REPRODUCED,
More informationCOLLINS CONSULTING, Inc.
COLLINS CONSULTING, Inc. TECHNOLOGY PLATFORM USE POLICY 53-R1 COLLINS CONSULTING, INC. TECHNOLOGY PLATFORM USE POLICY Confidential Collins Consulting, Inc. maintains, as part of its technology platform,
More informationELECTRONIC COMMUNICATIONS: E-MAIL / INTERNET POLICY
ELECTRONIC COMMUNICATIONS: E-MAIL / INTERNET POLICY 1 CONTENTS: 1. INTRODUCTION 2. APPLICABILITY 3. MANAGEMENT RIGHT TO ACCESS INFORMATION 4. PERSONAL USE OF E-MAIL & INTERNET FACILITIES 5. FORBIDDEN CONTENT
More informationInformation Security and Electronic Communications Acceptable Use Policy (AUP)
Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationMISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY
MEMORANDUM TO: FROM: RE: Employee Human Resources MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY Please find attached the above referenced policy that is being issued to each
More informationCOMPUTER, INTERNET, & EMAIL USE POLICY
COMPUTER, INTERNET, & EMAIL USE POLICY SECTION ONE. PURPOSE A. To remain competitive, better serve our Students and provide our employees with the best tools to do their jobs, Jersey City Global Charter
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationRICH TOWNSHIP HIGH SCHOOL Adopted: 7/10/00 DISTRICT 227 Olympia Fields, Illinois
6.55 Page 1 of 1 INSTRUCTION Acceptable Use Policy Computer equipment, including access to the Internet, is to be used in a responsible, efficient, ethical and legal manner in accordance with the mission
More informationLINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy
LINCOLN UNIVERSITY Policy: Computer and Network Usage by Employees Policy Number: HRM-110 Effective Date: July 1, 2009 Revisions: Replaces, as they relate specifically to employees, IT Policies 517 Internet
More informationCity of Grand Rapids ADMINISTRATIVE POLICY
City of Grand Rapids ADMINISTRATIVE POLICY NUMBER: 84-02 DATE: 7/23/84 REVISIONS: 6/17/88; 11/7/00 (replaces old #84-02, #95-07, & #95-08); 6/13/08; 11/26/13 ISSUED BY: City Manager SIGNED: SUBJECT: ELECTRONIC
More informationCOMPUTER USE POLICY. 1.0 Purpose and Summary
COMPUTER USE POLICY 1.0 Purpose and Summary 1. This document provides guidelines for appropriate use of the wide variety of computing and network resources at Methodist University. It is not an all-inclusive
More informationState of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY
State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY Effective December 15, 2008 State of Illinois Department of Central Management Services Bureau
More informationEMPLOYEE COMPUTER USE POLICY
EMPLOYEE COMPUTER USE POLICY SECTION ONE PURPOSE A. To better serve our students and provide our teachers and other employees with the best tools to do their jobs, Navigator Pointe Academy makes available
More informationCity of Venice Information Technology Usage Policy
City of Venice Information Technology Usage Policy The City of Venice considers information technology (IT) resources to be city resources. It shall be the policy of the city to maintain these resources
More informationAPPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE
TITLE: COMPUTER USE POLICY PAGE 1 OF 5 EFFECTIVE DATE: 07/2001 REVIEW DATES: 02/2003, 09/2006 REVISION DATES: 03/2005, 03/2008 DISTRIBUTION: All Departments PURPOSE APPROVED BY: Signatures on File Chief
More information------------------- COMPUTER NETWORK AGREEMENT FORM
COMPUTER NETWORK AGREEMENT FORM I (we) have read the guidelines for participating in the Wickliffe District Network and Internet Access program and agree to adhere to all ofthe provisions contained therein.
More informationCaldwell Community College and Technical Institute
Caldwell Community College and Technical Institute Student Computer Usage Policies and Procedures I. Campus Computer Usage Overview: The purpose of this document is to define the policies and procedures
More informationPierce County Policy on Computer Use and Information Systems
Pierce County Policy on Computer Use and Information Systems Pierce County provides a variety of information technology resources such as computers, software, printers, scanners, copiers, electronic mail
More informationExecutive Vice President of Finance and
Name of Policy: Policy Number: Electronic mail services policy. 3364-65-01 Approving Officer: Administration Executive Vice President of Finance and Responsible Agent: Vice President of Information Technology
More informationK-20 Network Acceptable Use Guidelines/Internet Safety Requirements
Page 1 of 5 K-20 Network Acceptable Use Guidelines/Internet Safety Requirements These procedures are written to support the Electronic Resources Policy of the board of directors and to promote positive
More informationTONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE
GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving
More informationAPPROVED BY: DATE: NUMBER: PAGE: 1 of 9
1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless
More information2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy
Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationUse of ESF Computing and Network Resources
Use of ESF Computing and Network Resources Introduction: The electronic resources of the State University of New York College of Environmental Science and Forestry (ESF) are powerful tools, shared among
More informationELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY
ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY I. ELECTRONIC COMMUNICATION A. PURPOSE To better serve our citizens and give our workforce the best tools to do their jobs, the Common Council of the
More informationPulaski Technical College
Pulaski Technical College Internet and E-Mail Acceptable Use Policy 1. Introduction Pulaski Technical College provides faculty and staff with technology resources and a local area network with access to
More informationIT and Network Usage Policy of International Islamic University, Islamabad
IT and Network Usage Policy of International Islamic University, Islamabad POLICY STATEMENT Users of International Islamic University network and computer resources have a responsibility to properly/fairly
More informationUSE OF INFORMATION TECHNOLOGY FACILITIES
POLICY CI-03 USE OF INFORMATION TECHNOLOGY FACILITIES Document Control Statement This Policy is maintained by the Information Technology Department. Any printed copy may not be up to date and you are advised
More informationCaldwell Community College and Technical Institute
Caldwell Community College and Technical Institute Employee Computer Usage Policies and Procedures I. PURPOSE: The purpose of this section is to define the policies and procedures for using the administrative
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationDIOCESE OF DALLAS. Computer Internet Policy
DIOCESE OF DALLAS Computer Internet Policy October 2012 Page 1 ROMAN CATHOLIC DIOCESE OF DALLAS COMPUTER SYSTEMS AND INTERNET USE POLICY Summary Definitions: 1. The term Communication(s) Assets as used
More informationMedford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee
Software Policy Approved by School Committee General Statement of Policy The Medford Public Schools licenses the use of computer software from a variety of third parties. Such software is normally copyrighted
More informationAcceptable Use Policy
Acceptable Use Policy Contents 1. Internet Abuse... 2 2. Bulk Commercial E-Mail... 2 3. Unsolicited E-Mail... 3 4. Vulnerability Testing... 3 5. Newsgroup, Chat Forums, Other Networks... 3 6. Offensive
More informationState of Michigan Department of Technology, Management & Budget. Acceptable Use of Information Technology (former Ad Guide 1460.
Subject: Authoritative Policy: Procedure Number: Distribution: Purpose: Acceptable Use of Information Technology (former Ad Guide 1460.00) Standard Number 1340.00 Information Technology Information Security
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationINFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
More informationADMINISTRATIVE MANUAL Policy and Procedure
ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,
More informationCOMPUTER USE IN INSTRUCTION
COMPUTER USE IN INSTRUCTION 4526 The Board of Education is committed to optimizing student learning and teaching. The Board considers student access to a computer network, including the Internet, to be
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationTAUNTON PUBLIC SCHOOLS Internet Acceptable Use and Social Networking Policies and Administrative Procedures
TAUNTON PUBLIC SCHOOLS Internet Acceptable Use and Social Networking Policies and Administrative Procedures A. INTERNET ACCEPTABLE USE POLICY OF THE TAUNTON PUBLIC SCHOOLS I. Mission Statement: Academic
More informationTechnology Department 1350 Main Street Cambria, CA 93428
Technology Department 1350 Main Street Cambria, CA 93428 Technology Acceptable Use and Security Policy The Technology Acceptable Use and Security Policy ( policy ) applies to all CUSD employees and any
More informationPractice Resource. Sample internet and email use policy. Foreword. Policy scope. By David J. Bilinsky 1
Practice Resource Sample internet and email use policy By David J. Bilinsky 1 Foreword Use of email and the Internet can result in a huge productivity increase for a law practice. Through email, lawyers
More informationOXFORD COMMUNITY SCHOOLS 10 North Washington Street, Oxford, Michigan 48371 ACCEPTABLE USE POLICY
OXFORD COMMUNITY SCHOOLS 10 North Washington Street, Oxford, Michigan 48371 ACCEPTABLE USE POLICY 1. Purpose Oxford Community Schools (the District ) recognizes that advancements in technology affect the
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More information3. Electronic Mail (E-mail)
- Title of Agency - Internet Acceptable Use Policy The Following Internet Acceptable Use Policy Applies to the (AGENCY NAME) Staff 1. Introduction The (AGENCY NAME) provides its staff and (other entity(s)
More informationRedland Christian Migrant Association (RCMA) Internet Security and Safety Policy
Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy I. Overview RCMA supports instruction through the use of educational and administrative computers. The responsible use of
More informationSt. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy
Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More information13.19 ETHICS REPORTING POLICY AND PROCEDURE
13.13 SOFTWARE AND COMPUTER USAGE Temple University has adopted an extensive software policy and an extensive computer usage policy that govern the usage of software, hardware, computer related equipment
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationPOLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY
POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY STATEMENT: Many of our employees have access to the internet as well as email capabilities. The County recognizes that these
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationSTANDARDS OF CONDUCT. 1.0 Purpose. 2.0 Scope. 3.0 Principles
Policy: O-5.11 Approved By: College Executive Team Approval Date: February 25, 2004 Amendment Dates: June 24, 2009 October 17, 2014 October 13, 2015 Policy Holder: Exec. Dir. Human Resources STANDARDS
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationSUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE
SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE Directive Concerning the Colorado Judicial Department Electronic Communications Usage Policy: Technical, Security, And System Management Concerns This
More informationForrestville Valley School District #221
Forrestville Valley School District #221 Student Acknowledgment of Receipt of Administrative Procedures for Acceptable Use of the Electronic Network 2015-2016 All use of electronic networks shall be consistent
More informationAcceptable Use Policy
Acceptable Use Policy TABLE OF CONTENTS PURPOSE... 4 SCOPE... 4 AUDIENCE... 4 COMPLIANCE & ENFORCEMENT... 4 POLICY STATEMENTS... 5 1. General... 5 2. Authorized Users... 5 3. Loss and Theft... 5 4. Illegal
More informationComputer Use Policy Approved by the Ohio Wesleyan University Faculty: March 24, 2014
I. Introduction Computer Use Policy Approved by the Ohio Wesleyan University Faculty: March 24, 2014 Ohio Wesleyan University (OWU) provides computing resources to support the educational mission and administration
More informationAPPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5
PAGE 1 of 5 PURPOSE Triton College s computer and information network is a continually growing and changing resource supporting thousands of users and systems. These resources are vital for the fulfillment
More informationInternet usage Policy
Internet usage Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationBLOOMFIELD COLLEGE ACCEPTABLE USE POLICY
- 1 BLOOMFIELD COLLEGE ACCEPTABLE USE POLICY Summary of Acceptable Use Policy Bloomfield College provides technology resources to the College Community, including students, faculty, administration, alumni,
More informationResponsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
More informationPRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800
PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800 ADMINISTRATIVE POLICY NO. 511 IMPLEMENTATION JANUARY 2014 EMPLOYEE ACCEPTABLE USE POLICY
More informationDelaware State University Policy
Delaware State University Policy Title: Delaware State University Acceptable Use Policy Board approval date: TBD Related Policies and Procedures: Delaware State University Acceptable Use Policy A Message
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationGUILFORD PUBLIC SCHOOLS ACCEPTABLE USE POLICY
GUILFORD PUBLIC SCHOOLS ACCEPTABLE USE POLICY Telecommunications is radically changing the way the world accesses information. A computer network, linked to the Internet, an international computer network
More informationRecommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.
Report to: Cabinet Date: 14 th October 2004. Report: of Head of Corporate Personnel Services Report Title: USE of INTERNET POLICY Summary of Report. The use of the Internet is growing rapidly. Over the
More informationThe Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
More informationDHHIT Network Security Standards and Procedures
DHHIT Network Security Standards and Procedures Contents 1. Introduction 2 2. Scope 2 3. Definitions 2 4 Employment practices 2 5 Employee responsibility 3 6 Physical security 3 7 Network and Systems Security
More informationPOLICY: INTERNET AND ELECTRONIC COMMUNICATION # 406. APPROVAL/REVISION EFFECTIVE REVIEW DATE: March 2, 2009 DATE: March 10, 1009 DATE: March 2014
POLICY: INTERNET AND ELECTRONIC COMMUNICATION # 406 SECTION: 400 : Facilities and Equipment Page 1 of 8 APPROVAL/REVISION EFFECTIVE REVIEW DATE: March 2, 2009 DATE: March 10, 1009 DATE: March 2014 CROSS
More informationCOMPUTER NETWORK FOR EDUCATION
4526 COMPUTER NETWORK FOR EDUCATION The Southern Westchester Board of Cooperative Educational Services (BOCES) considers student access to a computer network, including the Internet, to be a powerful and
More informationPOLICY TITLE: Computer and Network Service POLICY NO: 698 PAGE 1 of 6
POLICY TITLE: Computer and Network Service POLICY NO: 698 PAGE 1 of 6 GENERAL Computer network service through the Internet provides an electronic highway connecting millions of computers around the world.
More informationII-105 Acceptable Use of Information Resources
Children's Hospital Medical Center Online Policies II-105 Acceptable Use of Information Resources Original Date: 4/20/2005 Last Review Date: 5/12/2008 Purpose Users must not misuse corporate systems in
More informationAppendix I. The City University of New York Policy on Acceptable Use of Computer Resources
Appendix I The City University of New York Policy on Acceptable Use of Computer Resources Introduction CUNY s computer resources are dedicated to the support of the university s mission of education, research
More informationINFORMATION TECHNOLOGY APPROPRIATE USE
INFORMATION TECHNOLOGY APPROPRIATE USE POLICY 1000.0100.12 Section 10, Information Systems Responsible College Officer: Executive Director of Information Systems/CIO Originally Issued: April 24, 2008 Original
More informationTECHNOLOGY ACCEPTABLE USE POLICY
Policy Statement TECHNOLOGY ACCEPTABLE USE POLICY Reason for Policy/Purpose The purpose of this policy is to provide guidelines to the acceptable and ethical behavior that guides use of information and
More informationINFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security
INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security State Fair Community College shall provide a central administrative system for use in data collection and extraction. Any system user
More informationBOARD OF EDUCATION REGULATION EMPLOYEE COMPUTER, NETWORK, INTERNET, AND E-MAIL USE RULES
4529R BOARD OF EDUCATION REGULATION EMPLOYEE COMPUTER, NETWORK, INTERNET, AND E-MAIL USE RULES The Board of Education is committed to the goal of having electronic network facilities used in a responsible,
More informationBates Technical College. Information Technology Acceptable Use Policy
Bates Technical College Information Technology Acceptable Use Policy Consistent with policy adopted by the Board of Trustees, Bates Technical College, hereinafter referred to as the College, has a commitment
More informationMEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT
MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT TO: John Phillips, City Manager Number: 04-020 SUBJECT: Computer Network, Internet and E-Mail Access Policy Date: 9/903 Attached is copy of the Information
More informationTerms and Conditions of Use - Connectivity to MAGNET
I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information
More informationUniversity of Maryland Baltimore Information Technology Acceptable Use Policy
The UMB School of Nursing follows and adheres to the UMB Campus Information Technology Acceptable Use Policy. The UMSON further defines Authorized User to also include any person who receives a password
More informationThe term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.
Website - Terms and Conditions Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together
More informationDocument Title: System Administrator Policy
Document Title: System REVISION HISTORY Effective Date:15-Nov-2015 Page 1 of 5 Revision No. Revision Date Author Description of Changes 01 15-Oct-2015 Terry Butcher Populate into Standard Template Updated
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationBoard Adopted Policy
Board Adopted Policy Policy Title Information Technology Systems Usage Effective Date:03/14/2012 Board Approval Date: 6/19/2014 Review Cycle: three (3) years I. Application: Authority wide. II. Intent:
More information5. Users of ITS are the persons described above under Policy Application of the diocese of Springfield in Illinois.
Diocese of Springfield in Illinois Section I General Statement 1. Information Technology Systems (ITS), when properly used, provide timely communication and technological support to help fulfill the mission
More informationExecutive Memorandum No. 16
OFFICE OF THE PRESIDENT Policy for Responsible Use of University Computers and Information Systems 1. Purpose It is the purpose of this Executive Memorandum to set forth the University's administrative
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationSOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY
SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY OBJECTIVE To provide users with guidelines for the use of information technology resources provided by Council. SCOPE This policy
More informationPINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM
PINAL COUNTY POLICY AND PROCEDURE 2.50 Subject: ELECTRONIC MAIL AND SCHEDULING SYSTEM Date: November 18, 2009 Pages: 1 of 5 Replaces Policy Dated: April 10, 2007 PURPOSE: The purpose of this policy is
More informationB. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.
Chicago Public Schools Policy Manual Title: ACCEPTABLE USE OF THE CPS NETWORK AND COMPUTER RESOURCES Section: 604.1 Board Report: 09-0722-PO3 Date Adopted: July 22, 2009 Policy: THE CHIEF EXECUTIVE OFFICER
More information