Policy on the Security of Informational Assets

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Policy on the Security of Informational Assets"

Transcription

1 Policy on the Security of Informational Assets Policy on the Security of Informational Assets 1

2 1. Context Canam Group Inc. recognizes that it depends on a certain number of strategic information resources in order to pursue its activities and its mission. It also recognizes that information in all its forms is essential to accomplishing its current operations and, consequently, that all information must be used appropriately and protected adequately in accordance with existing legislation, such as Bill C-198, and best security practices. 2. Objectives The Policy on the Security of Informational Assets expresses Canam Group Inc.'s position with respect to the security measures it deems critical to the protection of its informational assets. This policy aims to define the rules governing the protection of these informational assets, to ensure the pursuit of the company's activities in accordance with its legal and administrative obligations and to ensure the security of the numerical data and the personal or sensitive information it gathers, owns, maintains, uses or exchanges electronically. This policy also identifies and defines the responsibilities of those in charge of its implementation and those who use the informational assets of Canam Group Inc. 3. Definition Informational assets: The informational assets of Canam Group Inc. include the documents produced or received within the scope of the company's operations, regardless of the transmission means used (paper, electronic, verbal or other), computer hardware, computer applications and documents required for their smooth operation, software and software packages, data processing and electronically processed data. 4. Scope 4.1 Assets targeted This policy applies both to information and informational assets: owned or maintained by Canam Group Inc.; owned by Canam Group Inc. and used or maintained by a service provider or third party; owned by a service provider or third party and used by either of them for the benefit of Canam Group Inc. Policy on the Security of Informational Assets 2

3 4.2 People targeted This policy is aimed at: all employees of Canam Group Inc., regardless of their status (regular, occasional, trainee, contractual or management); any person required to use these informational assets in the course of performing work or rendering services on behalf of a partner or supplier on the premises of Canam Group Inc. or other premises. Each employee must read this policy and confirm by electronic means that he/she has received a copy of the policy, has read it, understands it and undertakes to comply with it. For further information on this policy, please contact the Informational Asset Security Officer at Canam Group Inc. 5. Use of information systems 5.1 Property Any computer hardware, software or services purchased, leased or developed by the company remains the property of the company. Any program developed or any information used or produced in any form whatsoever by means of the company's information systems becomes the exclusive property of the company. 5.2 Security Access to the company's computerized services requires a User ID and one or more passwords. The employee is forbidden to allow anyone whatsoever to gain access to these services by using his/her personal ID. The employee assumes full responsibility for any action related to his/her account. Employees authorized to access Canam Group Inc. s systems via the Internet are given an "authentication key" (CryptoCard), which is used to generate onetime passwords. This key is the property of the company and should under no circumstances be loaned. Policy on the Security of Informational Assets 3

4 5.3 Information network Access-control mechanisms, such as firewalls, prevent and detect unauthorized access to the network Security measures designed to protect both the network and access to the Internet ensure the continuity of operations Security measures designed to protect data circulating on the network and on the Internet (e.g., encryption) are put in place to prevent any unauthorized person from intercepting sensitive data. 5.4 Internet use The Internet must be used strictly for business purposes and only during regular working hours. Employees are granted the privilege of using the Internet for personal purposes during breaks and meal periods, but should be aware that such use is restricted as to content. Acceptable content excludes any pornographic, discriminatory or offensive site or information. Accordingly, the company has a control system in place to limit access to certain categories of sites and to allow a detailed follow-up of Internet use. Downloading material from the Internet is strictly forbidden, unless it is clearly within the scope of the employee's duties. 5.5 Workstation The above content restrictions also apply to all files kept on a workstation as well as all "screensavers" and "backgrounds" used. 6. Electronic mail ( ) 6.1 Property Any sent or received via a company computer is the property of the company and may be subject to scrutiny. service is provided as a means of improving employee communications and productivity and must be used for business purposes only. From a practical point of view, the company permits use for personal purposes, but such use remains subject to scrutiny by the company and must be consistent with the company's policy, its current ethical and moral standards and the legislation applicable to the region in which the company operates. Audits will only be conducted by personnel authorized by the company and when circumstances warrant it. Employees recognize that they have no assurance of confidentiality in their communications by . Policy on the Security of Informational Assets 4

5 6.2 Postings The company provides each of its business locations with an electronic bulletin board, accessible via the intranet, to allow employees to post messages of general interest, such as offers to sell or purchase, and other material unrelated to the company s business. 6.3 Confidentiality s should not be viewed as totally confidential given that they are transmitted electronically. Employees should be aware of this when transmitting information of a confidential or proprietary nature. The company will take the necessary measures to protect electronically transmitted messages by preventing their unauthorized interception or modification; however, it is impossible to assure employees of the absolute reliability or confidentiality of electronic messaging. 6.4 Prohibited uses The company's electronic messaging services must not be used in an improper or abusive manner. Accordingly, it is forbidden to: distribute copyrighted material without being duly authorized to do so; send rude, inappropriate or offensive messages, such as racial, sexual or religious slurs; send and/or accept software or software components including attachments that may contain offensive jokes, explicit pictures or files with the suffix.mov,.avi,.exe or.com (types of attachments which are often used to transmit "viruses" to workstations); accept and forward "chain letters" by ; use for solicitation purposes on behalf of external firms or in connection with personal events, charitable organizations, membership in an organization, political or religious causes or for any other purpose unrelated to the company's business. 7. Software management Software represents a major investment for the company. Software refers not only to products purchased from third parties, but also to those developed in-house as well as to related documentation. All software must be safeguarded in such a way as to protect them against unlawful duplication or fraudulent use. Policy on the Security of Informational Assets 5

6 7.1 Licences The company and its employees will comply with the terms and conditions of software license agreements and copyright provisions associated with registered software, software that has been developed in-house and shareware, whether in the public domain or belonging to third parties. The company has adequate control mechanisms in place to ensure that: the company is complying with the license agreements that come with all approved software installed on computers owned or leased by the company; all software and related documentation are protected against unlawful duplication and fraudulent use; software is copied solely for disaster recovery purposes and/or in accordance with the terms and conditions of applicable license agreements. 7.2 Installation All software must be installed by EDP Operations (Electronic Data Processing) personnel to ensure that all workstations have the same configuration. Any unauthorized software will be removed. 7.3 Audits Software suppliers have the right to conduct audits at the company's facilities to ensure that it is complying with the terms and conditions of their license agreements. To ensure such compliance, the company reserves the right to inspect any and all hard drives on a regular basis to make sure that it does indeed hold the license required for every copy of software installed on a hard drive. 8. Continuity of data processing activities The company has written, tested and updated disaster emergency measures in place to ensure the recovery of its critical information systems (within a reasonable timeframe) in the event of a major disaster (e.g., fire, hacking, extended power outage, flooding or maliciousness). 9. Security awareness and training Every manager must raise his/her staff's awareness of the need to protect informational assets, the consequences of a security breach, and the roles and responsibilities of all employees in his/her department or administrative unit with respect to the protection of these assets. Policy on the Security of Informational Assets 6

7 Managers must also make sure that the members of their staff are trained to use informational assets properly and to take all the necessary security precautions to safeguard them in order to minimize the risks of a security breach. 10. Physical security in the workplace Measures to control access to the workplace and the informational assets found there are in place, implemented and kept up-to-date. All computer hardware owned or leased by Canam Group Inc. is identified and classified, and an inventory of all hardware is kept up-to-date. 11. Reporting of incidents Every user has an obligation to immediately report to the person assigned to the security of informational assets any act that may represent an actual or alleged security breach (e.g., theft, intrusion into a network or system, deliberate damage, abusive or fraudulent use). 12. Partners and suppliers Contracts and agreements signed with any Canam Group Inc. partner or supplier must include recognized provisions guaranteeing their compliance with the company s information security requirements. 13. Right of inspection Canam Group Inc. has a right of inspection with respect to the utilization of informational assets by users. This right of inspection will be exercised in accordance with the Canadian Charter of Rights and Freedoms (R.S.C., 1985, c. 42) and the Quebec Charter of Rights and Freedoms (R.S.Q., c. 12). 14. Roles and responsibilities 14.1 President and Chief Operating Officer The President and Chief Operating Officer is the person ultimately responsible for the security of informational assets at Canam Group Inc. In this capacity, he approves the Policy on the Security of Informational Assets and defines related values and policy directions, and ensures that the policy, values and policy directions are communicated to company personnel. He oversees the implementation of the Policy on the Security of Informational Assets and the normative framework derived from it. Policy on the Security of Informational Assets 7

8 He assigns specific, clearly defined responsibilities to the people responsible for the security of Canam Group Inc. s informational assets. He sets up an informational asset security committee and appoints an informational asset security officer to represent him on this issue within Canam Group Inc. and to carry out all of the above measures Informational Asset Security Committee The mandate of the Informational Asset Security Committee is primarily to "approve and recommend for approval by the President and Chief Operating Officer the priorities, policy directions, management framework, policies, guidelines and other strategic matters pertaining to the security of the company's informational assets", after ensuring that they are consistent with the relevant laws, policy directions, policies, guidelines and other recommendations made by senior management. Role and responsibilities of the Informational Asset Security Committee To fulfill its mandate, the Committee must: see annually to the development, implementation, approval and follow-up of a master plan and departmental action plans on the security of informational assets; authorize projects related to the security of informational assets, based on approved budgets; assign activities related to the security of informational assets to working groups or to certain members of personnel; inform the President and Chief Operating Officer when unforeseen circumstances related to the security of informational assets arise. Canam Group Inc. s Informational Asset Security Committee is composed of the following members: the Vice President of Information Technologies; the Systems Development Manager; the EDP Operations Manager; the Informational Asset Security Officer Informational Asset Security Officer As the appointed representative of the President and Chief Operating Officer on informational asset security matters, the Informational Asset Security Officer manages and coordinates the security of Canam Group Inc. s informational assets. Policy on the Security of Informational Assets 8

9 In this role, he: advises senior management on potential security risks and on disaster mitigation strategies; recommends to senior management strategic policy directions and intervention priorities pertaining to the security of informational assets; coordinates all security-related actions approved by the various process and informational asset owners; plans and coordinates all the activities necessary for ongoing IT services in the event of a disaster; develops, recommends for approval, implements, manages and evaluates the master plan on the security of informational assets; is responsible for developing and implementing security awareness and training programs, IT security policies, standards and procedures, as well as the authority record; serves as secretary for the Informational Asset Security Committee; coordinates and follows up on all activities resulting from the master plan and action plans on the security of informational assets Systems Development team The Systems Development team ensures that Canam Group Inc. s security requirements are implemented throughout the life cycle of numerical data. It puts in place and implements secure Systems Development practices to ensure that the security functions (availability, integrity, confidentiality, authentication and irrevocability) are applied in accordance with the requirements and access rights defined by the various process and informational asset owners. It provides these latter with the support and advice they need to protect their informational assets, limits the access to information of the IT staff under its authority to information they require to be able to perform their duties, and approves and implements procedures, practices and standards on the security of informational assets. Policy on the Security of Informational Assets 9

10 14.5 Managers With respect to the protection of informational assets, managers must primarily: inform their employees and raise their awareness of the provisions of this policy and the terms and conditions of its implementation; ensure that informational assets are used in accordance with the general principles and other requirements of this policy; be able to justify the use made of informational assets by their employees Users Informational asset users must: be fully aware of, understand and comply with the Policy on the Security of Informational Assets; use informational assets for the purposes for which they are intended and access them only with the User ID and password(s) assigned specifically to them; comply with established guidelines and procedures and with the provisions of this policy. 15. Final provisions 15.1 Sanctions When an informational asset user contravenes this policy or the in-house guidelines derived from this policy, the VP Human Resources will determine, based on the nature and seriousness of the case, whether to apply a disciplinary or administrative sanction, such as a reprimand, suspension, termination, or even the revocation of the right to use any informational assets whatsoever. The VP Human Resources is at liberty to transfer to a judicial authority any information he/she has in connection with a case of this nature which would indicate that an existing law or regulation has been breached Review This policy must be reviewed on a regular basis and no later than three years after it takes effect and whenever changes occur that may affect its content in order to ensure that it fully satisfies the security requirements of Canam Group Inc. Policy on the Security of Informational Assets 10

11 15.3 Implementation and follow-up of the policy The Informational Asset Security Officer is responsible for the implementation of this policy Effective date of the policy This policy takes effect on the date of its approval by the President and Chief Operating Officer Approval The Policy on the Security of Informational Assets is approved by the President and Chief Operating Officer. APPROVED BY: DATE: Policy on the Security of Informational Assets 11

The City reserves the right to inspect any and all files stored in private areas of the network in order to assure compliance.

The City reserves the right to inspect any and all files stored in private areas of the network in order to assure compliance. 1.0 PURPOSE: Internet access to global electronic information sources on the World Wide Web is provided by the City of Battle Creek to assist in obtaining work-related data and technology. The following

More information

Policy for the Acceptable Use of Information Technology Resources

Policy for the Acceptable Use of Information Technology Resources Policy for the Acceptable Use of Information Technology Resources Purpose... 1 Scope... 1 Definitions... 1 Compliance... 2 Limitations... 2 User Accounts... 3 Ownership... 3 Privacy... 3 Data Security...

More information

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Security and Electronic Communications Acceptable Use Policy (AUP) Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

APHIS INTERNET USE AND SECURITY POLICY

APHIS INTERNET USE AND SECURITY POLICY United States Department of Agriculture Marketing and Regulatory Programs Animal and Plant Health Inspection Service Directive APHIS 3140.3 5/26/2000 APHIS INTERNET USE AND SECURITY POLICY 1. PURPOSE This

More information

COLLINS CONSULTING, Inc.

COLLINS CONSULTING, Inc. COLLINS CONSULTING, Inc. TECHNOLOGY PLATFORM USE POLICY 53-R1 COLLINS CONSULTING, INC. TECHNOLOGY PLATFORM USE POLICY Confidential Collins Consulting, Inc. maintains, as part of its technology platform,

More information

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS (INCLUDING INTERNET & E-MAIL) EMC CORPORATE POLICY COPYRIGHT 2007 EMC CORPORATION. ALL RIGHTS RESERVED. NO PORTION OF THIS MATERIAL MAY BE REPRODUCED,

More information

City of Grand Rapids ADMINISTRATIVE POLICY

City of Grand Rapids ADMINISTRATIVE POLICY City of Grand Rapids ADMINISTRATIVE POLICY NUMBER: 84-02 DATE: 7/23/84 REVISIONS: 6/17/88; 11/7/00 (replaces old #84-02, #95-07, & #95-08); 6/13/08; 11/26/13 ISSUED BY: City Manager SIGNED: SUBJECT: ELECTRONIC

More information

ELECTRONIC COMMUNICATIONS: E-MAIL / INTERNET POLICY

ELECTRONIC COMMUNICATIONS: E-MAIL / INTERNET POLICY ELECTRONIC COMMUNICATIONS: E-MAIL / INTERNET POLICY 1 CONTENTS: 1. INTRODUCTION 2. APPLICABILITY 3. MANAGEMENT RIGHT TO ACCESS INFORMATION 4. PERSONAL USE OF E-MAIL & INTERNET FACILITIES 5. FORBIDDEN CONTENT

More information

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY Effective December 15, 2008 State of Illinois Department of Central Management Services Bureau

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

APPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE

APPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE TITLE: COMPUTER USE POLICY PAGE 1 OF 5 EFFECTIVE DATE: 07/2001 REVIEW DATES: 02/2003, 09/2006 REVISION DATES: 03/2005, 03/2008 DISTRIBUTION: All Departments PURPOSE APPROVED BY: Signatures on File Chief

More information

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY MEMORANDUM TO: FROM: RE: Employee Human Resources MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY Please find attached the above referenced policy that is being issued to each

More information

RICH TOWNSHIP HIGH SCHOOL Adopted: 7/10/00 DISTRICT 227 Olympia Fields, Illinois

RICH TOWNSHIP HIGH SCHOOL Adopted: 7/10/00 DISTRICT 227 Olympia Fields, Illinois 6.55 Page 1 of 1 INSTRUCTION Acceptable Use Policy Computer equipment, including access to the Internet, is to be used in a responsible, efficient, ethical and legal manner in accordance with the mission

More information

LINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy

LINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy LINCOLN UNIVERSITY Policy: Computer and Network Usage by Employees Policy Number: HRM-110 Effective Date: July 1, 2009 Revisions: Replaces, as they relate specifically to employees, IT Policies 517 Internet

More information

Caldwell Community College and Technical Institute

Caldwell Community College and Technical Institute Caldwell Community College and Technical Institute Student Computer Usage Policies and Procedures I. Campus Computer Usage Overview: The purpose of this document is to define the policies and procedures

More information

COMPUTER, INTERNET, & EMAIL USE POLICY

COMPUTER, INTERNET, & EMAIL USE POLICY COMPUTER, INTERNET, & EMAIL USE POLICY SECTION ONE. PURPOSE A. To remain competitive, better serve our Students and provide our employees with the best tools to do their jobs, Jersey City Global Charter

More information

City of Venice Information Technology Usage Policy

City of Venice Information Technology Usage Policy City of Venice Information Technology Usage Policy The City of Venice considers information technology (IT) resources to be city resources. It shall be the policy of the city to maintain these resources

More information

Use of Information Technology Resources

Use of Information Technology Resources Title Policy Area Policy Number (to be assigned by Information Services) See also (related policies) Use of Information Technology Resources Operations College Systems and Resources E.5.1 Sexual Violence

More information

K-20 Network Acceptable Use Guidelines/Internet Safety Requirements

K-20 Network Acceptable Use Guidelines/Internet Safety Requirements Page 1 of 5 K-20 Network Acceptable Use Guidelines/Internet Safety Requirements These procedures are written to support the Electronic Resources Policy of the board of directors and to promote positive

More information

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9 1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless

More information

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

State of Michigan Department of Technology, Management & Budget. Acceptable Use of Information Technology (former Ad Guide 1460.

State of Michigan Department of Technology, Management & Budget. Acceptable Use of Information Technology (former Ad Guide 1460. Subject: Authoritative Policy: Procedure Number: Distribution: Purpose: Acceptable Use of Information Technology (former Ad Guide 1460.00) Standard Number 1340.00 Information Technology Information Security

More information

Caldwell Community College and Technical Institute

Caldwell Community College and Technical Institute Caldwell Community College and Technical Institute Employee Computer Usage Policies and Procedures I. PURPOSE: The purpose of this section is to define the policies and procedures for using the administrative

More information

Use of ESF Computing and Network Resources

Use of ESF Computing and Network Resources Use of ESF Computing and Network Resources Introduction: The electronic resources of the State University of New York College of Environmental Science and Forestry (ESF) are powerful tools, shared among

More information

COMPUTER USE POLICY. 1.0 Purpose and Summary

COMPUTER USE POLICY. 1.0 Purpose and Summary COMPUTER USE POLICY 1.0 Purpose and Summary 1. This document provides guidelines for appropriate use of the wide variety of computing and network resources at Methodist University. It is not an all-inclusive

More information

Pulaski Technical College

Pulaski Technical College Pulaski Technical College Internet and E-Mail Acceptable Use Policy 1. Introduction Pulaski Technical College provides faculty and staff with technology resources and a local area network with access to

More information

IT and Network Usage Policy of International Islamic University, Islamabad

IT and Network Usage Policy of International Islamic University, Islamabad IT and Network Usage Policy of International Islamic University, Islamabad POLICY STATEMENT Users of International Islamic University network and computer resources have a responsibility to properly/fairly

More information

EMPLOYEE COMPUTER USE POLICY

EMPLOYEE COMPUTER USE POLICY EMPLOYEE COMPUTER USE POLICY SECTION ONE PURPOSE A. To better serve our students and provide our teachers and other employees with the best tools to do their jobs, Navigator Pointe Academy makes available

More information

DIOCESE OF DALLAS. Computer Internet Policy

DIOCESE OF DALLAS. Computer Internet Policy DIOCESE OF DALLAS Computer Internet Policy October 2012 Page 1 ROMAN CATHOLIC DIOCESE OF DALLAS COMPUTER SYSTEMS AND INTERNET USE POLICY Summary Definitions: 1. The term Communication(s) Assets as used

More information

Executive Vice President of Finance and

Executive Vice President of Finance and Name of Policy: Policy Number: Electronic mail services policy. 3364-65-01 Approving Officer: Administration Executive Vice President of Finance and Responsible Agent: Vice President of Information Technology

More information

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information

More information

Pierce County Policy on Computer Use and Information Systems

Pierce County Policy on Computer Use and Information Systems Pierce County Policy on Computer Use and Information Systems Pierce County provides a variety of information technology resources such as computers, software, printers, scanners, copiers, electronic mail

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY I. ELECTRONIC COMMUNICATION A. PURPOSE To better serve our citizens and give our workforce the best tools to do their jobs, the Common Council of the

More information

USE OF INFORMATION TECHNOLOGY FACILITIES

USE OF INFORMATION TECHNOLOGY FACILITIES POLICY CI-03 USE OF INFORMATION TECHNOLOGY FACILITIES Document Control Statement This Policy is maintained by the Information Technology Department. Any printed copy may not be up to date and you are advised

More information

------------------- COMPUTER NETWORK AGREEMENT FORM

------------------- COMPUTER NETWORK AGREEMENT FORM COMPUTER NETWORK AGREEMENT FORM I (we) have read the guidelines for participating in the Wickliffe District Network and Internet Access program and agree to adhere to all ofthe provisions contained therein.

More information

Practice Resource. Sample internet and email use policy. Foreword. Policy scope. By David J. Bilinsky 1

Practice Resource. Sample internet and email use policy. Foreword. Policy scope. By David J. Bilinsky 1 Practice Resource Sample internet and email use policy By David J. Bilinsky 1 Foreword Use of email and the Internet can result in a huge productivity increase for a law practice. Through email, lawyers

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

3. Electronic Mail (E-mail)

3. Electronic Mail (E-mail) - Title of Agency - Internet Acceptable Use Policy The Following Internet Acceptable Use Policy Applies to the (AGENCY NAME) Staff 1. Introduction The (AGENCY NAME) provides its staff and (other entity(s)

More information

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee Software Policy Approved by School Committee General Statement of Policy The Medford Public Schools licenses the use of computer software from a variety of third parties. Such software is normally copyrighted

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

APPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5

APPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5 PAGE 1 of 5 PURPOSE Triton College s computer and information network is a continually growing and changing resource supporting thousands of users and systems. These resources are vital for the fulfillment

More information

Delaware State University Policy

Delaware State University Policy Delaware State University Policy Title: Delaware State University Acceptable Use Policy Board approval date: TBD Related Policies and Procedures: Delaware State University Acceptable Use Policy A Message

More information

ADMINISTRATIVE MANUAL Policy and Procedure

ADMINISTRATIVE MANUAL Policy and Procedure ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy Contents 1. Internet Abuse... 2 2. Bulk Commercial E-Mail... 2 3. Unsolicited E-Mail... 3 4. Vulnerability Testing... 3 5. Newsgroup, Chat Forums, Other Networks... 3 6. Offensive

More information

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY OBJECTIVE To provide users with guidelines for the use of information technology resources provided by Council. SCOPE This policy

More information

COMPUTER USE IN INSTRUCTION

COMPUTER USE IN INSTRUCTION COMPUTER USE IN INSTRUCTION 4526 The Board of Education is committed to optimizing student learning and teaching. The Board considers student access to a computer network, including the Internet, to be

More information

POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY

POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY STATEMENT: Many of our employees have access to the internet as well as email capabilities. The County recognizes that these

More information

STANDARDS OF CONDUCT. 1.0 Purpose. 2.0 Scope. 3.0 Principles

STANDARDS OF CONDUCT. 1.0 Purpose. 2.0 Scope. 3.0 Principles Policy: O-5.11 Approved By: College Executive Team Approval Date: February 25, 2004 Amendment Dates: June 24, 2009 October 17, 2014 October 13, 2015 Policy Holder: Exec. Dir. Human Resources STANDARDS

More information

Executive Memorandum No. 16

Executive Memorandum No. 16 OFFICE OF THE PRESIDENT Policy for Responsible Use of University Computers and Information Systems 1. Purpose It is the purpose of this Executive Memorandum to set forth the University's administrative

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

DHHIT Network Security Standards and Procedures

DHHIT Network Security Standards and Procedures DHHIT Network Security Standards and Procedures Contents 1. Introduction 2 2. Scope 2 3. Definitions 2 4 Employment practices 2 5 Employee responsibility 3 6 Physical security 3 7 Network and Systems Security

More information

University of Maryland Baltimore Information Technology Acceptable Use Policy

University of Maryland Baltimore Information Technology Acceptable Use Policy The UMB School of Nursing follows and adheres to the UMB Campus Information Technology Acceptable Use Policy. The UMSON further defines Authorized User to also include any person who receives a password

More information

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT TO: John Phillips, City Manager Number: 04-020 SUBJECT: Computer Network, Internet and E-Mail Access Policy Date: 9/903 Attached is copy of the Information

More information

TAUNTON PUBLIC SCHOOLS Internet Acceptable Use and Social Networking Policies and Administrative Procedures

TAUNTON PUBLIC SCHOOLS Internet Acceptable Use and Social Networking Policies and Administrative Procedures TAUNTON PUBLIC SCHOOLS Internet Acceptable Use and Social Networking Policies and Administrative Procedures A. INTERNET ACCEPTABLE USE POLICY OF THE TAUNTON PUBLIC SCHOOLS I. Mission Statement: Academic

More information

Bates Technical College. Information Technology Acceptable Use Policy

Bates Technical College. Information Technology Acceptable Use Policy Bates Technical College Information Technology Acceptable Use Policy Consistent with policy adopted by the Board of Trustees, Bates Technical College, hereinafter referred to as the College, has a commitment

More information

OXFORD COMMUNITY SCHOOLS 10 North Washington Street, Oxford, Michigan 48371 ACCEPTABLE USE POLICY

OXFORD COMMUNITY SCHOOLS 10 North Washington Street, Oxford, Michigan 48371 ACCEPTABLE USE POLICY OXFORD COMMUNITY SCHOOLS 10 North Washington Street, Oxford, Michigan 48371 ACCEPTABLE USE POLICY 1. Purpose Oxford Community Schools (the District ) recognizes that advancements in technology affect the

More information

13.19 ETHICS REPORTING POLICY AND PROCEDURE

13.19 ETHICS REPORTING POLICY AND PROCEDURE 13.13 SOFTWARE AND COMPUTER USAGE Temple University has adopted an extensive software policy and an extensive computer usage policy that govern the usage of software, hardware, computer related equipment

More information

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3 Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use

More information

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy 1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines

More information

Technology Department 1350 Main Street Cambria, CA 93428

Technology Department 1350 Main Street Cambria, CA 93428 Technology Department 1350 Main Street Cambria, CA 93428 Technology Acceptable Use and Security Policy The Technology Acceptable Use and Security Policy ( policy ) applies to all CUSD employees and any

More information

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles

More information

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...

More information

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8. micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5

More information

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security State Fair Community College shall provide a central administrative system for use in data collection and extraction. Any system user

More information

TECHNOLOGY ACCEPTABLE USE POLICY

TECHNOLOGY ACCEPTABLE USE POLICY Policy Statement TECHNOLOGY ACCEPTABLE USE POLICY Reason for Policy/Purpose The purpose of this policy is to provide guidelines to the acceptable and ethical behavior that guides use of information and

More information

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder

More information

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE Directive Concerning the Colorado Judicial Department Electronic Communications Usage Policy: Technical, Security, And System Management Concerns This

More information

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT. Website - Terms and Conditions Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together

More information

Riverside School Board

Riverside School Board Policy Name: Use of Technology Policy Number: B328-20100216 Date Submitted to Executive: 2009-12-01 Date Received at Council: 2009-12-15 Consultation Period: December 16, 2009 to February 2, 2010 Date

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800

PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800 PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800 ADMINISTRATIVE POLICY NO. 511 IMPLEMENTATION JANUARY 2014 EMPLOYEE ACCEPTABLE USE POLICY

More information

Terms and Conditions of Use - Connectivity to MAGNET

Terms and Conditions of Use - Connectivity to MAGNET I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information

More information

Administrative Procedure 3720 Computer and Network Use

Administrative Procedure 3720 Computer and Network Use Reference: 17 U.S.C. Section 101 et seq.; Penal Code Section 502, Cal. Const., Art. 1 Section 1; Government Code Section 3543.1(b); Federal Rules of Civil Procedure, Rules 16, 26, 33, 34, 37, 45 The District

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy TABLE OF CONTENTS PURPOSE... 4 SCOPE... 4 AUDIENCE... 4 COMPLIANCE & ENFORCEMENT... 4 POLICY STATEMENTS... 5 1. General... 5 2. Authorized Users... 5 3. Loss and Theft... 5 4. Illegal

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Information Security Program

Information Security Program Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security

More information

Human Resources Policy and Procedure Manual

Human Resources Policy and Procedure Manual Procedure: maintains a computer network and either purchases software for use in the network or develops proprietary software systems for Company use. Company employees are generally authorized to use

More information

GREENWICH PUBLIC SCHOOLS Greenwich, Connecticut

GREENWICH PUBLIC SCHOOLS Greenwich, Connecticut Policy E-040 Effective Learning Environment GREENWICH PUBLIC SCHOOLS Greenwich, Connecticut Procedure E-040.4 - Acceptable Use and Internet Safety Agreement Acceptable Technology Use Regulations/Internet

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy

Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy I. Overview RCMA supports instruction through the use of educational and administrative computers. The responsible use of

More information

TABLE OF CONTENTS. University of Northern Colorado

TABLE OF CONTENTS. University of Northern Colorado TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

COMPUTER NETWORK FOR EDUCATION REGULATION

COMPUTER NETWORK FOR EDUCATION REGULATION COMPUTER NETWORK FOR EDUCATION REGULATION 4526-R The following rules and regulations govern the use of the district's computer network system and access to the Internet. I. Administration The Superintendent

More information

CODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015

CODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015 GOLDFIELDS MONEY LIMITED ACN 087 651 849 CODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015 1. Purpose This Code of Conduct (Code) clearly states the standards of responsibility and

More information

BOARD OF EDUCATION REGULATION EMPLOYEE COMPUTER, NETWORK, INTERNET, AND E-MAIL USE RULES

BOARD OF EDUCATION REGULATION EMPLOYEE COMPUTER, NETWORK, INTERNET, AND E-MAIL USE RULES 4529R BOARD OF EDUCATION REGULATION EMPLOYEE COMPUTER, NETWORK, INTERNET, AND E-MAIL USE RULES The Board of Education is committed to the goal of having electronic network facilities used in a responsible,

More information

Computing and Network Use Policy

Computing and Network Use Policy Computing and Network Use Policy Category: University Area Date Established: Responsible Office: Office of the Chief Information Officer Date Last Revised: - 3/26/2007 Responsible Executive: CIO Date Posted

More information

COMPUTER NETWORK FOR EDUCATION

COMPUTER NETWORK FOR EDUCATION 4526 COMPUTER NETWORK FOR EDUCATION The Southern Westchester Board of Cooperative Educational Services (BOCES) considers student access to a computer network, including the Internet, to be a powerful and

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Sample Policies for Internet Use, Email and Computer Screensavers

Sample Policies for Internet Use, Email and Computer Screensavers Sample Policies for Internet Use, Email and Computer Screensavers In many of its financial management reviews, the Technical Assistance Section has encouraged municipalities to develop and adopt policies

More information

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative

More information

Document Title: System Administrator Policy

Document Title: System Administrator Policy Document Title: System REVISION HISTORY Effective Date:15-Nov-2015 Page 1 of 5 Revision No. Revision Date Author Description of Changes 01 15-Oct-2015 Terry Butcher Populate into Standard Template Updated

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

SOUTH DAKOTA BOARD OF REGENTS. Policy Manual

SOUTH DAKOTA BOARD OF REGENTS. Policy Manual SOUTH DAKOTA BOARD OF REGENTS Policy Manual SUBJECT: Acceptable Use of Information Technology Systems NUMBER: 7:1 1. Purpose The Board acquires, maintains and operates information technology systems to

More information

The supplier shall have appropriate policies and procedures in place to ensure compliance with

The supplier shall have appropriate policies and procedures in place to ensure compliance with Supplier Instructions for Processing of Personal Data 1 PURPOSE SOS International has legal and contractual obligations on the matters of data protection and IT security. As a part of these obligations

More information

POLICY TITLE: Computer and Network Service POLICY NO: 698 PAGE 1 of 6

POLICY TITLE: Computer and Network Service POLICY NO: 698 PAGE 1 of 6 POLICY TITLE: Computer and Network Service POLICY NO: 698 PAGE 1 of 6 GENERAL Computer network service through the Internet provides an electronic highway connecting millions of computers around the world.

More information