STANDARDISATION IN E-ARCHIVING
Requirements and controls for digitisation and e-archiving service providers
Alain Wahl

Running slide header: "Requirements and controls for qualified PSDCs" (PSDC: prestataire de services de dématérialisation ou de conservation, the Luxembourg term for a digitisation or e-archiving service provider).

OBJECTIVES OF THIS PRESENTATION
- Understand what information security is
- Understand what an Information Security Management System (ISMS) is
- Understand what the activities of risk assessment and risk treatment are
- Understand what information security controls are
SUMMARY
- Introduction
- Supervision scheme for qualified PSDCs
- Grand-ducal regulation of 25 July 2015 on execution of article 4 paragraph 1 of the law of 25 July 2015 on electronic archiving
- Information Security Management System (ISMS)
- Information Security Risk Management
- Information Security Controls
INTRODUCTION

Information Security Management System (ISMS)
- Information security needs good management: good processes and good technology

ISMS objectives
- Reduce the number of incidents
- Reduce the impact of incidents
- Learn from one's own and others' experience

Two quotations used on the slide:
- Bruce Schneier: "Security is a chain: it is as strong as its weakest link."
- Kevin Mitnick: "People are the weakest link."
SUPERVISION SCHEME FOR QUALIFIED PSDCs (slide taken from the "Digital trust and e-archiving" deck; the diagram is flattened in the transcription and only its labels survive, grouped here by actor)

- ILNAS (National Supervisory Body): receives the notification for supervision and the assessment report, issues the assessment and supervision conclusions, maintains the supervision status and the trusted list
- National Accreditation Body (OLAS): accredits the Conformity Assessment Body against ETSI EN (standard number not transcribed), within the European co-operation for Accreditation (EA) and the International Accreditation Forum (IAF)
- Accredited Conformity Assessment Body (CAB) and its assessors: conformity assessment (audit) of the organisation against the grand-ducal regulation of 25 July 2015 on execution of article 4 paragraph 1
- Organisation (the PSDC): digitisation and/or electronic archiving activities
GRAND-DUCAL REGULATION OF 25 JULY 2015 (execution of article 4 paragraph 1 of the law of 25 July 2015 on electronic archiving)

Requirements and controls for certifying digitisation or e-archiving service providers
- Unique reference containing all the conditions for obtaining the qualified PSDC status
- Based on international standards: ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO 30301:2011
- Published in the Mémorial A N° 150 of 4 August 2015

Structure of the regulation
- General concepts
- Description of the digitisation and e-archiving processes
- Security framework:
  - Information Security Management System (ISMS), based on ISO/IEC 27001:2013, with complements related to the digitisation process and to the e-archiving process
  - Objectives and controls related to security management and operational management, based on ISO/IEC 27002:2013, with complements related to the digitisation process and to the e-archiving process
- Appendixes

Slides "Digitisation process" and "Preservation process": process diagrams, not reproduced in the transcription.
INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

Management of information security
- Confidentiality, integrity, availability, non-repudiation
- Management system: the set of procedures an organisation applies in order to reach its objectives; it systematises the organisation's way of operating
- Define, implement, maintain and improve an ISMS in order to manage the risks related to the processes of digitisation and e-archiving
- Qualified PSDCs shall respect all the information security requirements specified in:
  - the international standard ISO/IEC 27001:2013
  - clause 6 of the appendix of the grand-ducal regulation of 25 July 2015 on execution of article 4 paragraph 1, which completes those requirements

Characteristics of the ISMS
- Applicable to any organisation: small or big, for any product or service, for any sector; everyone within the scope of the standard is concerned
- Continual improvement: the organisation evaluates its situation, determines objectives and creates a strategy, invests in actions to achieve these objectives, then evaluates the results and adapts its processes to improve (Plan-Do-Check-Act, PDCA)
- Assessable: someone may assess that there is no gap between the standard and the management system
- Documentation: transition from an oral tradition to a written one
- Conformity assessment: provides trust to stakeholders

Security controls
- Organisational and technical measures that reduce one or several security risks: reducing the vulnerability of the assets, reducing the impact of incidents, preventing and anticipating threats
- Final aim of the discipline: security of the information system
- Management of security controls: who is doing what? when? how?
- Are these controls documented? appropriate and proportionate? effective?

Management of conformity
- Do I know the applicable requirements (legal and regulatory, contractual)?
- Am I able to translate them into security controls and security needs?

Risk management
- Which events affecting the information system could harm my information and my core business processes?
- Do I know controls to reduce the risk of these events occurring, or to reduce their consequences?
- Do I invest the resources needed for risk management?

Management of incidents
- Do I identify events harming the security of my information processes?
- Do I establish the resources needed to minimise the consequences and to ensure business continuity?
- Do I learn from my incidents?

Security policy
- Are my management processes applicable to all my activities?
- Are my activities coordinated?
- Is my leadership involved in security management?
- Does my security management improve?

Clause 6 of the appendix of the regulation

6.1 General requirements
- ISMS in accordance with all the requirements specified in ISO/IEC 27001:2013

Context of the organisation
- Understand the organisation and its context
- Understand the needs and expectations of the stakeholders
- Define the scope of the ISMS

6.3 Leadership involvement for the ISMS
- An information security policy with objectives shall be defined
- The necessary resources are available
- The ISMS achieves the given goals
- Guarantee of continued performance in case of cessation of activity

6.4 Planning the ISMS
- Management shall establish a security policy (objectives, commitment of management, improvement)
- Sequence: policy, risk evaluation, risk treatment plan, Statement of Applicability (SoA)
- The SoA covers the controls of ISO/IEC 27002:2013; a control can only be excluded if no risk requires it or the corresponding risk is below the level of risk acceptance
- Any exclusion shall be documented and justified in the SoA

6.5 Evaluation of the performance of the ISMS
- Internal audit, impartiality of auditors
- Review at least once a year or in case of major changes: the results of the risk analysis, the financial stability of the organisation
- Management review

6.6 Improvement
- Non-conformity and corrective action: react to non-conformities (corrective actions, management of consequences); evaluate the need to eliminate the causes of the non-conformity; establish actions and changes to the ISMS if needed; check the effectiveness of corrective actions
- Documentation
INFORMATION SECURITY RISK MANAGEMENT

What is a risk?
- Effect of uncertainty on objectives
- An effect is a deviation from the expected, positive or negative (in information security we deal with the negative effects)
- Risk is often characterised by reference to potential events and consequences, or a combination of these
- Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organisation

Risk assessment
- Establish the context and the scope
- Risk identification
- Risk analysis
- Risk evaluation
- Risk treatment
- Monitoring

Information security risk assessment: identify the risks (reference: ISO/IEC 27005)
- Threats, examples: virus intrusion; fire; spying; overload of the information network; corruption of the data; violation of user rights
- Vulnerabilities, examples: missing daily updates; portable database; policy of easy passwords; weak internet network security

Level of risk: R = L × C
- Level of risk: magnitude of a risk, expressed in terms of the combination of consequences (C) and their likelihood (L)
- Threat: potential cause of an unwanted incident, which may result in harm to a system or organisation
- Consequence: outcome of an event affecting objectives
- Vulnerability: weakness of an asset or control that can be exploited by one or more threats

Risk treatment options
- Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
- Taking or increasing risk in order to pursue an opportunity
- Removing the risk source (i.e. the threat; not applicable to information security)
- Changing the likelihood (i.e. of the threat; to be read as changing the likelihood that an incident happens)
- Changing the consequences
- Sharing the risk with another party or parties (including contracts and risk financing)
- Accepting the risk by informed choice
Diagram (flattened in the transcription): Threats → Risk evaluation → Risk treatment → Controls
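As an added worked example (not part of the presentation): the risk evaluation R = L × C of the slides above, the risk treatment plan it feeds, and the Statement of Applicability rule from clause 6.4 (a control may be excluded only if no risk above the acceptance level relies on it) applied to a small risk register. The register entries, the four-step likelihood and consequence scales, the acceptance level of 6 and the mapping of risks to controls are all constructed for the example; the control identifiers are those of ISO/IEC 27001:2013 Annex A (A.12.2.1 controls against malware, A.12.6.1 management of technical vulnerabilities, A.11.1.4 protecting against external and environmental threats, A.9.4.3 password management system, A.10.1.1 policy on the use of cryptographic controls).

```python
"""Risk evaluation (R = L * C), treatment plan and SoA exclusion check.

Added illustration: the scales, register and control mapping are constructed
for this example and are not taken from the ILNAS presentation.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Ordinal scales (assumption: four steps each; a real ISMS defines its own
# scales in its risk assessment methodology).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4}
CONSEQUENCE = {"minor": 1, "moderate": 2, "major": 3, "severe": 4}

RISK_ACCEPTANCE_LEVEL = 6  # assumption: management accepts R <= 6 untreated


@dataclass(frozen=True)
class Risk:
    id: str
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    consequence: str
    controls: Tuple[str, ...]  # Annex A controls relied on to treat this risk (assumed mapping)

    def level(self) -> int:
        """Level of risk, R = L * C, on the ordinal scales above."""
        return LIKELIHOOD[self.likelihood] * CONSEQUENCE[self.consequence]


# Constructed register for a digitisation / e-archiving provider (example data);
# threats and vulnerabilities follow the examples given on the slide.
REGISTER: Tuple[Risk, ...] = (
    Risk("R1", "archive storage", "virus intrusion", "missing daily updates",
         "possible", "severe", ("A.12.2.1", "A.12.6.1")),
    Risk("R2", "digitisation workstations", "fire", "single site, no off-site copy",
         "rare", "major", ("A.11.1.4",)),
    Risk("R3", "user accounts", "password guessing", "policy of easy passwords",
         "likely", "moderate", ("A.9.4.3",)),
    Risk("R4", "portable database", "loss of media", "database stored unencrypted",
         "possible", "moderate", ("A.10.1.1",)),
)


def evaluate(register: Iterable[Risk],
             acceptance: int = RISK_ACCEPTANCE_LEVEL) -> Dict[str, Tuple[int, bool]]:
    """Risk evaluation: compare each level of risk with the acceptance level.
    Returns {risk_id: (level, needs_treatment)}."""
    return {r.id: (r.level(), r.level() > acceptance) for r in register}


def treatment_plan(register: Iterable[Risk],
                   acceptance: int = RISK_ACCEPTANCE_LEVEL) -> List[str]:
    """Risks that must be treated, highest level first (ties by id)."""
    pending = [r for r in register if r.level() > acceptance]
    return [r.id for r in sorted(pending, key=lambda r: (-r.level(), r.id))]


def check_soa_exclusions(register: Iterable[Risk], excluded: Set[str],
                         acceptance: int = RISK_ACCEPTANCE_LEVEL) -> List[Tuple[str, List[str]]]:
    """Statement of Applicability rule (clause 6.4): a control may be excluded
    only if no risk above the acceptance level relies on it.
    Returns the violations as a sorted list of (control, [risk ids])."""
    violations: Dict[str, List[str]] = {}
    for r in register:
        if r.level() <= acceptance:
            continue  # accepted risk: excluding its controls is allowed
        for c in r.controls:
            if c in excluded:
                violations.setdefault(c, []).append(r.id)
    return sorted((c, sorted(ids)) for c, ids in violations.items())


if __name__ == "__main__":
    for rid, (lvl, treat) in evaluate(REGISTER).items():
        print(f"{rid}: R={lvl:2d} {'treat' if treat else 'accept'}")
    print("treatment plan:", treatment_plan(REGISTER))
    # Proposed SoA exclusions: fire protection is justified, patching is not.
    print("SoA violations:", check_soa_exclusions(REGISTER, {"A.11.1.4", "A.12.6.1"}))
```

The check is the one an assessor performs when reading an SoA: every excluded control is traced back through the risk register, and an exclusion that leaves a risk above the acceptance level without its control is a non-conformity under clause 6.4, whatever justification text accompanies it.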
INFORMATION SECURITY CONTROLS

What security controls are
- Security recommendations or requirements: the classical recommendations of security experts
- Some controls are quite general, some precise; some apply to the whole organisation, some to specific areas
- They may be broad and may include other security controls
- Selected, after the risk evaluation, to reduce risk to an acceptable level
- Forms: policies (rules), documented procedures, guidelines, practices, organisational structures
- Nature: administrative, technical, legal

ISO/IEC 27001:2013 and ISO/IEC 27002:2013 (table flattened in the transcription)
- ISO/IEC 27001:2013: the articles or clauses, plus the list of security controls in Appendix A
- ISO/IEC 27002:2013: the detailed description of the security controls

Security policy
- Provide a security orientation; management support
- Digitisation policy and e-archiving policy
- Take into account strategy, legal and contractual requirements, threats
- Contain the definition of information security, objectives and principles, responsibilities
- Examples of content: access control, classification of information, physical security, backup, transfer of information, protection against malware, management of vulnerabilities, ...
- Review of policies: at regular intervals or during significant changes; shall be validated regularly by management

Organisation of information security
- Management of information security: control the implementation of information security
- Roles and responsibilities in information security: formalised attribution of responsibilities
- Segregation of duties: identification of roles; separation of action, validation and supervision; limitation of the concentration of functions
- Relationship with authorities: keep the related contact list up to date; incident management to communicate with them

Management of assets
- Inventory of assets; owners and responsibilities related to assets; correct use of assets
- Classification of information, criteria: value, legal requirements, sensitivity and criticality
- Media handling: USB keys, CDs, physical transfer

Security of human resources
- Before recruitment; during the contract; end or modification of the contract

Access control
- Manage access to information
- User access management: registration and de-registration of users; creation of accounts and access rights; management of privileged access rights; management of secret authentication information; review of access rights; removal and modification of access rights
- User responsibilities
- System and application access control: restricted access to information; secure log-on procedure; use of privileged utility programs; access control to source code

Physical and environmental security
- Prohibit any unauthorised access; security zones; equipment security

Operational security and telecommunication
- Documentation of operational procedures
- Separate domains and tasks of responsibility; separate testing, development and operational equipment
- Protection against malware; establish back-up copies; management of network security; monitoring
- Provide a correct and secured management of the digitisation and e-archiving processes

Cryptography
- Policy for the use of cryptography
- Management of cryptographic keys; management of keys and certificates (PKI)

Acquisition, development and maintenance of information systems
- Monitoring the inclusion of security issues in the information systems
- Good functioning of the application
- Cryptographic controls

Management of information security incidents
- Reporting of incidents and failures; management of improvements and incidents

Management of business continuity
- Prevent interruptions

Conformity
- Conformity with legal requirements; conformity to policy and standards; consideration of the audit report
THANK YOU for your attention

For more information: ILNAS, Département de la confiance numérique, 1, Avenue du Swing, L-4367 Belvaux, Luxembourg; telephone (+352) [numbers not transcribed]
Incident & Hazard Reprting Overview At nbn we are safe, disciplined and reliable. nbn is cmmitted t preventing injury, illness and envirnmental harm by prviding a safe and healthy wrking envirnment fr
More informationRATIONALE TERMS OF REFERENCE FOR THE QUALITY COMMITTEE UNDER THE EXCELLENT CARE FOR ALL ACT. Authority
RATIONALE With the intrductin f the Excellent Care fr All Act, hspital bards must nw have a quality cmmittee that reprts t the bard. The template prvides sample terms f references fr rganizatins t adapt
More informationGUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN
Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm
More informationMajor capital investment in councils. Good practice checklist for project managers
Majr capital investment in cuncils checklist fr prject managers Prepared by Audit Sctland March 2013 b The Accunts Cmmissin The Accunts Cmmissin is a statutry, independent bdy which, thrugh the audit prcess,
More informationJunior Medical Officer. Supervision Guideline SAMPLE ONLY
Junir Medical Officer Supervisin Guideline SAMPLE ONLY Versin 1.0 February 2011 The Junir Dctr Supervisin Guideline has been develped by SA IMET t prvide facilities with a plicy guideline. Facilities may
More informationBusiness Continuity Management Systems Foundation Training Course
Certificatin criteria fr Business Cntinuity Management Systems Fundatin Training Curse CONTENTS 1. INTRODUCTION 2. LEARNING OBJECTIVES 3. ENABLING OBJECTIVES KNOWLEDGE & SKILLS 4. TRAINING METHODS 5. COURSE
More informationHow To Ensure Your Health Care Is Safe
Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t
More informationData Protection Policy & Procedure
Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015
More informationCloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013
Clud-based File Sharing: Privacy and Security Tutrial Institutinal Cmpliance Office July 2013 Patient Data in the Clud Prtecting patient privacy is ne f MD Andersn s greatest respnsibilities Technlgies
More informationBusiness Continuity Management Policy
Business Cntinuity Management Plicy Versin: 1.0 Last Amendment: Apprved by: Library Cuncil f New Suth Wales Plicy wner/spnsr: Directr, Operatins and Chief Financial Officer Plicy Cntact Officer: Senir
More informationPOSITION NUMBER: LOCATION: Vancouver. DATE: February 2009
POSITION TITLE: Team Lead Service Centre DIVISION/BRANCH: IS/IT CURRENT CLASSIFICATION LEVEL: IS27 SUPERVISOR S POSITION NUMBER POSITION NUMBER: LOCATION: Vancuver DATE: February 2009 SUPERVISOR S TITLE/CLASSIFICATION:
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent
More informationCharmaine Brooks CRM (208) 343-1904 charmaine.brooks@imergeconsult.com
Charmaine Brks CRM (208) 343-1904 charmaine.brks@imergecnsult.cm Overview Significant Prjects Ms. Brks is a Certified Recrds Manager and has 25+ years experience in the full lifecycle management f recrds
More informationHow To Run An Independent Cmpany
EXE Grup Outsurcing / C-surcing EXE Grup 2005 EXE Grup Yur independent resurce fr a brad range f services EXE Grup is the leading cmpany prviding services in scpe f. EXE Grup prvides supprt and maintenance
More informationEnterprise Security Management CIS 259
Enterprise Security Management CIS 259 Prerequisites CIS 175 Descriptin This curse is designed t cver the managerial aspects f cmputer security and risk management fr enterprises. The student will attain
More informationArmy DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012
Army DCIPS Emplyee Self-Reprt f Accmplishments Overview Revised July 2012 Table f Cntents Self-Reprt f Accmplishments Overview... 3 Understanding the Emplyee Self-Reprt f Accmplishments... 3 Thinking Abut
More informationProcess of Setting up a New Merchant Account
Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am
More informationSupervisor Competence Standard
Supervisr Cmpetence Title Reprting and Investigating Incidents, and Initial Emergency Respnse Descriptin This standard specifies the knwledge and skills required fr supervisrs t cntribute t incident reprting
More informationHow To Understand The Risks Of A Financial Institutin
Guidance n Managing Outsurcing Risk Divisin f Banking Supervisin and Regulatin Divisin f Cnsumer and Cmmunity Affairs Bard f Gvernrs f the Federal Reserve System December 5, 2013 Table f Cntents I. Purpse
More informationCommunal Property Institution Capacity Assessment Tool
Cmmunal Prperty Institutin Capacity Assessment Tl Intrductin t cmmunal prperty institutins Cmmunal prperty institutins (CPIs) Participants in the land refrm prgramme can hld prperty thrugh different frms
More informationGovernment of Malta. Reference: GMICT X 0004-1:2014 Version: 7.0. Effective: 07 January 2014
Gvernment f Malta Reference: GMICT X 0004-1:2014 Versin: 7.0 Effective: 07 January 2014 This dcument is part f the http://ictplicies.gv.mt Underlined terms are defined in the Vcabulary. Purpse The purpse
More informationLINCOLNSHIRE POLICE Policy Document
LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area
More informationGravesham Borough Council
Classificatin: Part 1 Public Key Decisin: Please specify - N Gravesham Brugh Cuncil Reprt t: Perfrmance and Administratin Cmmittee Date: 12 Nvember 2015 Reprting fficer: Subject: Crprate Perfrmance Manager
More informationIMT Standards. Standard number A000014. GoA IMT Standards. Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical
IMT Standards IMT Standards Oversight Cmmittee Gvernment f Alberta Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical Standard number A000014 Electrnic Signature Metadata
More informationUNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE
1. TITLE OF COMMITTEE UNIVERSITY INCIDENT PLANNING COMMITTEE University Incident Planning Cmmittee (IPC) 2. ESTABLISHMENT TERMS OF REFERENCE The University Incident Planning Cmmittee is established in
More informationMalpractice and Maladministration Policy
TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs
More informationThe Whole of Government Approach: Models and Tools for EGOV Strategy & Alignment
The Whle f Gvernment Apprach: Mdels and Tls fr EGOV & Alignment Adegbyega Oj (in cllabratin with T. Janwski and E. Estevez) United Natins University a@iist.unu.edu OVERVIEW 1. THE WG APPROACH 2. APPLICATION
More informationResearch Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013
Research Reprt Abstract: Advanced Malware Detectin and Prtectin Trends By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm, Senir Prject Manager September 2013 2013 by The Enterprise Strategy Grup,
More informationAppendix H. Annual Risk Assessment and Audit Plan 2013/14
Annual Risk Assessment and Audit Plan 2013/14 Internal Audit Department September 25, 2013 Table f Cntents Intrductin.. 3 Risk Assessment Prcess... 4 Page 2 Intrductin Each year, the Internal Audit Department
More informationGP WIND DELIVERABLE D2.2 STAKEHOLDERS QUESTIONNAIRE WP2
GP WIND DELIVERABLE D2.2 STAKEHOLDERS QUESTIONNAIRE WP2 Prject Name: GP WIND Gd Practice in recnciling nshre and ffshre wind with envirnmental bjectives Prject Duratin: 24 mnths (August 2010 July 2012)
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationIEMA Practitioner Volume 14 Supporting Information www.iema.net/practitioner/14
IEMA Practitiner Vlume 14 Supprting Infrmatin www.iema.net/practitiner/14 Title: Engaging and Re-engineering the Supply Chain Authr: Sam Balch Organisatin: Glbal Actin Plan There are a number f reasns
More informationBRISTOL CITY COUNCIL ROLE AND EMPLOYEE PROFILE: Architect (Practitioner Level) Specific Role Data Architect
BRISTOL CITY COUNCIL ROLE AND EMPLOYEE PROFILE: Architect (Practitiner Level) Specific Rle Data Architect Grade Directrate Managed by BG13 (TBC) Business Change Senir Infrmatin Systems & Technlgy Architect
More informationHealth Stream Portfolio (e.g. Mental health, drug & alcohol) and Contract of Employment
Psitin Descriptin Psitin Agency Reprts t Terms and Cnditins f Emplyment Classificatin/ Salary Stream Length f Psitin Lcatin Health Stream Lead Health Stream Prtfli (e.g. Mental health, drug & alchl) Primary
More informationSources of Federal Government and Employee Information
Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities
More informationNSW Government. Software Asset Management Standard. Version 1.0. October 2014
NSW Gvernment Sftware Asset Management Standard Versin 1.0 Octber 2014 standards@finance.nsw.gv.au ICT Services Office f Finance & Services Level 23, McKell Building 2-24 Rawsn Place SYDNEY NSW 2000 Sftware
More informationWest Yorkshire Fire & Rescue Service. Data Quality Policy
West Yrkshire Fire & Rescue Service Data Quality Plicy Ownership: Crprate Services Date Issued: Nvember 2007 Date Last Mdified: August 2012 Cntents Table f Cntents Page N. 1 Intrductin 3 2 Why is data
More information