Business Intelligence & Reporting. Application Access Guidelines
|
|
- Arthur George
- 8 years ago
- Views:
Transcription
1 Business Intelligence & Reporting Application Access Guidelines
2 DOCUMENT CONTROL DOCUMENT REFERENCE File Name: UTD Business Intelligence & Reporting Application Access Guidelines VERSION CONTROL All revisions made to this document are listed below in chronological order. Version Date Author(s) Notes 1.0 7/30/12 Charles Yorek Original Draft 1.1 8/20/12 Michael Winship Added Responsibilities 1.2 8/27/12 Michael Winship Incorporated revisions provided by Steven Jestis 1.3 8/29/12 Steven Jestis Version 1.3 approved 1.4 9/12/12 Charles Yorek Incorporated revisions provided by Dr. Sue Taylor 1.4 9/26/12 Dr. Sue Taylor Version 1.4 approved /2/12 Dr. Andrew Blanchard Version 1.4 approved Page 1
3 CONTENTS Document Reference... 1 Version Control... 1 Access Guidelines Charge... 3 Access Guidelines PURPOSE Statement... 3 Application Governed by Access Guidelines... 3 Responsibilities... 3 Approvers Responsibilities... 3 Department Trusted Requestors Responsibilities... 4 Business and Analytics Reporting Department Responsibilities... 4 Peoplesoft Access Team responsibilites... 4 Guidelines History... 4 Access Guidelines Approval... 5 Page 2
4 ACCESS GUIDELINES CHARGE EAS - Business and Analytics Reporting (BA&R) Department ACCESS GUIDELINES PURPOSE STATEMENT The purpose of these guidelines is to provide minimum requirements necessary for employees to be granted access to the University s online reporting applications. The guidelines ensure that employee logins and access needs are authorized and granted in a legitimate, documented manner. When these guidelines are followed, risk to the University s business operations and reporting due to unauthorized access and inaccurate or misused data is reduced. APPLICATION GOVERNED BY ACCESS GUIDELINES Oracle Business Intelligence Enterprise Edition (OBIEE) RESPONSIBILITIES Access Guidelines Notes: Individual roles and responsibilities are defined below. However, the following responsibilities are shared by all: Know security and privacy responsibilities and participate in security and privacy awareness program activities. (e.g., FERPA Training, etc.) Read, understand and comply with private data requirements, safeguards and standards. Read, understand and comply with enterprise data and systems security and privacy policies, procedures, safeguards, guidelines and standards. Report suspected security incidents as stated under the Information Security Office (ISO) policies and procedures. APPROVERS RESPONSIBILITIES In conjunction with IR and the University privacy and security community, provide data access guidelines and privacy training and resources to University staff and faculty. Ensure access to the reporting application and data is limited to those individuals with a University business need and access level is appropriate for the work to be performed. Develop consistent roles and responsibilities for Trusted Requestors. Determine the sensitivity and criticality of the data based on University, legal definitions and contractual obligations. Review relevant security management reports as stated under the UTD Business Intelligence - Application Access Procedures Procedures for Monitoring/Reviewing Employee Functional & Technical Roles. Ensure that a process is in place to retain or purge information according to University records retention schedules. Page 3
5 DEPARTMENT TRUSTED REQUESTORS RESPONSIBILITIES Department Trusted Requestors are responsible for the content and use of the University s business data that is entrusted to Departmental missions; therefore, Department Trusted Requestors are responsible for approving requests for access to reporting related to their data. Signatories who will approve PSEC requests are the Department Head, the Trusted Requestors, and additionally for Module PSEC requests, the Module Owner. The Trusted Requestor, and the Module Owner (additionally for Module requests) is the employee, for whom the Department Head has given permission, to request, approve, review, or complete, the Employee User Information and/or the Module access details for the PSEC request. The Department Head is responsible for verifying that the access requested is appropriate for the employee s job duties. The Department Head shall approve the Trusted Requestor s PSEC request, when necessary. The Module Owner is employed by the Department responsible for the Module s data, and is responsible for approving all requests to access Module data. After the OBIEE Access Request Form has been approved by the requesting department s Trusted Requestor and/or Department Head, the Module Owner shall review the requested Module access details, determine the appropriate access classes to be given, and approve the request. Issues pertaining to Module access may arise between the requesting department signatories and the Module Owner. Access issues shall be resolved, with assistance from the PeopleSoft Access Team, by the requesting department and the department responsible for the Module s data. Escalation path for this issue should be resolved with the Division Head, CIO and/or University President when necessary. BUSINESS AND ANALYTICS REPORTING DEPARTMENT RESPONSIBILITIES The Manager of BA&R shall approve and permit only authorized people to access the servers that store the University s proprietary application source code to reduce the risk of access incidents. The BA&R Department shall maintain the roles and access rights that users have to reporting within OBIEE according to the needs of the business. The BA&R Department shall support 1 the movement of OBIEE objects, dashboards, and reports, between environments at the request of the business. PEOPLESOFT ACCESS TEAM RESPONSIBILITES The PeopleSoft Access Team shall process only completed PSEC requests that have been approved by each required department signatory. For the OBIEE Access Request Form, the employee shall be given only the access roles that are related to the Functional and Technical requests to perform their jobs. GUIDELINES HISTORY Issued: August 7 th, By a set of Release Management Procedures Page 4
6 ACCESS GUIDELINES APPROVAL The purpose of this document is to validate access guidelines and obtain approval. Validation of the access guidelines is essential to the subsequent steps and overall success of the effort. The approval signatures indicate validation and authorization of the access guidelines. EAS APPROVALS BA&R OBIEE Security Guidelines Approval Steven Jestis, Manager Business Intelligence & Reporting Date OBIEE Application Access Approval.png Dr. Sue Taylor, AVP/Director Enterprise Application Services Date OBIEE Application Access Approval.png Dr. Andrew Blanchard, Vice President and CIO Date Page 5
Business Intelligence & Reporting. Application Access Procedures
Business Intelligence & Reporting Application Access Procedures DOCUMENT CONTROL DOCUMENT REFERENCE File Name: UTD Business Intelligence & Reporting - Application Access Procedures VERSION CONTROL All
More informationData Management Standard
Data Management Standard Revision: Version 1.0 Date: 11/2015 Status: Approved by ISAC, Reviewed by Chancellor s Cabinet 1. Objectives Page 1 2. Scope Statement. Page 1 3. Requirements..Page 1 4. Definitions
More informationTable of Contents. Miami University Page 2
OBIEE Security Authors: Amy Goll Last Updated: 6/12/2012 Table of Contents Miami University s Confidential Information Policy... 4 Security within OBIEE... 5 OBIEE Security Roles... 5 Miami Security Roles...
More informationIndex .700 FORMS - SAMPLE INCIDENT RESPONSE FORM.995 HISTORY
Information Security Section: General Operations Title: Information Security Number: 56.350 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE DATE OF POLICY.140
More informationInformation Security Operational Procedures
College Of Coastal Georgia Information Security Operational Procedures Banner Student Information System Security Policy INTRODUCTION This document provides a general framework of the policy utilized by
More informationUTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter
Pennsylvania State System of Higher Education California University of Pennsylvania UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter Version [1.0] 1/29/2013 Revision History
More informationISAAC Risk Assessment Training
ISAAC Risk Assessment Training v2013 Information Technology Risk Management 1 Agenda Why Assess? Information Security Standards Risk Assessment Process Using ISAAC Information Technology Risk Management
More informationR345, Information Technology Resource Security 1
R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,
More informationWestern Oregon University Information Security Manual v1.6
Table of Contents: 000 Introductory Material 001 Introduction Western Oregon University v1.6 Please direct comments to: Bill Kernan, Chief Information Security Officer 100 Information Security Roles and
More informationDocument Title: System Administrator Policy
Document Title: System REVISION HISTORY Effective Date:15-Nov-2015 Page 1 of 5 Revision No. Revision Date Author Description of Changes 01 15-Oct-2015 Terry Butcher Populate into Standard Template Updated
More informationCorporate Policy and Procedure
Page Page 1 of 9 TAB: SECTION: SUBJECT: ROADS AND TRAFFIC TRAFFIC OPERATIONS CLOSED CIRCUIT TELEVISION (CCTV) TRAFFIC MONITORING SYSTEMS POLICY STATEMENT POLICY PURPOSE The City of Mississauga may install
More informationAnalytics Reporting Service
1. Rate per month $19.00 per user 2. General Overview: The provides the technologies for transforming large quantities of raw data into useable information serving the agency s functions. includes interactive
More informationPBGC Information Security Policy
PBGC Information Security Policy 1. Purpose. The Pension Benefit Guaranty Corporation (PBGC) Information Security Policy (ISP) defines the security and protection of PBGC information resources. 2. Reference.
More informationInformation Security Manager Training
Information Security Manager Training Kent Swagler CCEP Director, Corporate Compliance Direct line (314) 923-3097 Cell (314) 575-8334 kswagler@metrostlouis.org Information Security Manager Training Overview
More informationApplication Development
1. Rate: Standard Rates Fiscal Year 2015 Applications Developer $64.25 Applications Developer/Senior $75.25 Applications Developer/Lead $87.25 Co-Located Rates Fiscal Year 2015 Applications Developer Co-Located
More informationWellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More informationWright State University Information Security
Wright State University Information Security Controls Policy Title: Category: Audience: Reason for Revision: Information Security Framework Information Technology WSU Faculty and Staff N/A Created / Modified
More informationCal Poly Information Security Program
Policy History Date October 5, 2012 October 5, 2010 October 19, 2004 July 8, 2004 May 11, 2004 January May 2004 December 8, 2003 Action Modified Separation or Change of Employment section to address data
More informationFirewall Access Request Form
SECTION 1 TO BE COMPLETED BY THE APPLICANT By completing the below information the requestor/applicant acknowledges and agrees that he/she has read, understood and will comply with the following: CHECK
More informationUtica College. Information Security Plan
Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles
More informationINFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES
INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES 1. INTRODUCTION If you are responsible for maintaining or using
More informationIdentity Theft Prevention Program (Approved by the Board of Trustees)
Administrative Regulation 8:8 Responsible Office: EVPFA Date Effective: 9/15/2009 Supersedes Version: No previous version Identity Theft Prevention Program (Approved by the Board of Trustees) Major Topics
More informationBI Tools and Data Flow
BI Tools and Data Flow http://web.peralta.edu/indev/peralta business intelligence bi tool Mike Orkin, Ph.D. Associate Vice Chancellor of Academic Affairs Peralta Community College District 1 Business Intelligence
More informationOklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention
Oklahoma State University Policy and Procedures Rules and Identity Theft Prevention 3-0540 ADMINISTRATION & FINANCE July 2009 Introduction 1.01 Oklahoma State University developed this Identity Theft Prevention
More informationEffective Date: Oct. 27, 2009... 1
Policy Title: Office of Information Technology Email Usage and Retention Policy Policy No.: 7010 Rev.: 0 Effective Date: Oct. 27, 2009 Last Revision: Oct. 27, 2009 Responsible Office: Responsible Official:
More informationRowan University Data Governance Policy
Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data
More informationADMINISTRATIVE POLICY # 32 8 2 (2014) Information Security Roles and Responsibilities
Policy Title: Information Security Roles Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 2 (2014) Information Security Roles Approval Date: 05/28/2014 Revised Responsible Office:
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationGuidelines on Digital Forensic Procedures for OLAF Staff
Ref. Ares(2013)3769761-19/12/2013 Guidelines on Digital Forensic Procedures for OLAF Staff 1 January 2014 Introduction The OLAF Guidelines on Digital Forensic Procedures are internal rules which are to
More informationPrivacy Impact Assessment
Technology, Planning, Architecture, & E-Government Version: 1.1 Date: April 14, 2011 Prepared for: USDA OCIO TPA&E Privacy Impact Assessment for the April 14, 2011 Contact Point Charles McClam Deputy Chief
More informationPolicy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE:
Policy No: TITLE: AP-AA-17.2 Data Classification and Data Security ADMINISTERED BY: Office of Vice President for Academic Affairs PURPOSE EFFECTIVE DATE: CANCELLATION: REVIEW DATE: August 8, 2005 Fall
More informationInformation Security Policy
Information Security Policy Policy Title Responsible Executive Responsible Office Information Security Policy Vice President for Information Technology and CIO, Jay Dominick Office of Information Technology,
More informationOnline Lead Generation: Data Security Best Practices
Online Lead Generation: Data Security Best Practices Released September 2009 The IAB Online Lead Generation Committee has developed these Best Practices. About the IAB Online Lead Generation Committee:
More informationCalifornia State Polytechnic University, Pomona. Network Monitoring Guidelines
California State Polytechnic University, Pomona Network Monitoring Guidelines Developed in consultation with the Information Security Governance Council Al Arboleda, Stephanie Doda, Glendy Yeh, Kevin Morningstar,
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationUniversity of Michigan Medical School Data Governance Council Charter
University of Michigan Medical School Data Governance Council Charter 1 Table of Contents 1.0 SIGNATURE PAGE 2.0 REVISION HISTORY 3.0 PURPOSE OF DOCUMENT 4.0 DATA GOVERNANCE PROGRAM FOUNDATIONAL ELEMENTS
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationProgram Summary. Criterion 1: Importance to University Mission / Operations. Importance to Mission
Program Summary DoIT provides and supports the infrastructure and custom development for NIU s core human resources system: The PeopleSoft Human Resources Management System (PS- HR) provides core functionality
More informationIdentifier: IT-001 Revision Date: 10/1/2015 Effective Date: 10/18/2012 Approved by: BOR Approved on date: 10/18/2012
Information Technology Policy Acceptable Use Identifier: IT-001 Revision Date: 10/1/2015 Effective Date: 10/18/2012 Approved by: BOR Approved on date: 10/18/2012 Table of Contents 1. Introduction... 2
More informationIdentity Theft Prevention Program Derived from the FTC Red Flags Rule requirements
Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements 1.0 Introduction In 2003, Congress enacted the Fair and Accurate Credit Transactions Act of 2003, 15 U.S.C. Section 1681,
More informationDEPARTMENTAL POLICY. Northwestern Memorial Hospital
Northwestern Memorial Hospital DEPARTMENTAL POLICY Subject: DEPARTMENTAL ADMINISTRATION Title: 1 of 11 Revision of: NEW Effective Date: 01/09/03 I. PURPOSE: This policy defines general behavioral guidelines
More informationService Level Agreement
This document outlines the Service Level Agreement (SLA) between University Technology Services (UTS) and our Customers for the delivery and support of. The purpose of this agreement is threefold: 1. To
More informationIT Security Handbook. Incident Response and Management: Targeted Collection of Electronic Data
IT Security Handbook Incident Response and Management: Targeted Collection of Electronic Data ITS HBK 2810.09 03 Effective Date: 20110824 Expiration Date: 20130824 Responsible Office: OCIO/ Deputy CIO
More informationElectronic Communication
Electronic Communication Information Technology Policy Identifier: IT-002 Revision Date: 10/1/2015 Effective Date: 10/18/2012 Approved by: BOR Approved on date: 10/18/2012 Table of Contents 1. Introduction...
More informationNMSU Procedural Guidelines (Policy 2.64 - Security Cameras on University Premises)
NMSU Procedural Guidelines (Policy 2.64 - Security Cameras on University Premises) A. NMSU Entities requesting security cameras will be required to follow the procedures outlined below. 1. Justification
More informationEstée Lauder Companies Global Jobs Website Privacy Policy
Effective Date: August 14, 2014 Estée Lauder Companies Global Jobs Website Privacy Policy The Estée Lauder Companies ( we, us, or our ) respects your concerns about privacy and value the relationship we
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationContact: Henry Torres, (870) 972-3033
Information & Technology Services Management & Security Principles & Procedures Executive Summary Contact: Henry Torres, (870) 972-3033 Background: The Security Task Force began a review of all procedures
More informationSTUDENT RECORD POLICY, PROCEDURES AND DEFINITIONS
STUDENT RECORD POLICY, PROCEDURES AND DEFINITIONS PURPOSE The purpose of establishing this policy is to ensure Virginia Union University s compliance with the Family Educational Rights and Privacy Act
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationIDENTITY MANAGEMENT AND COMMON SYSTEM ACCESS HUMBOLDT STATE UNIVERSITY. Audit Report 12-46 December 21, 2012
IDENTITY MANAGEMENT AND COMMON SYSTEM ACCESS HUMBOLDT STATE UNIVERSITY Audit Report 12-46 December 21, 2012 Henry Mendoza, Chair William Hauck, Vice Chair Lupe C. Garcia Steven M. Glazer Hugo N. Morales
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,
More informationCOMMONWEALTH OF PENNSYLVANIA GOVERNOR'S OFFICE. Commonwealth Internet Access
MANAGEMENT DIRECTIVE Subject: Commonwealth Internet Access 205.29 Amended Number COMMONWEALTH OF PENNSYLVANIA GOVERNOR'S OFFICE By Direction Of: Thomas G. Paese, Secretary of Administration Date: January
More informationVirginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More informationType of Personal Data We Collect and How We Use It
Philips Lumify App Privacy Notice This Privacy Notice was last changed on September 1, 2015. Philips Electronics North America Corporation ("Philips") strongly believes in protecting the privacy of the
More informationDepartment of the Interior Privacy Impact Assessment
Department of the Interior September 8, 2014 Name of Project: Enterprise Forms System Bureau: Office of the Secretary Project s Unique ID (Exhibit 300): 010-000000312 Once the PIA is completed and the
More informationCollege/Division Business Administrators Meeting April 10, 2014
College/Division Business Administrators Meeting April 10, 2014 Mary Dickerson, MBA, CISSP, CISM, PMP Executive Director, UIT Security Chief Information Security Officer mdickerson@uh.edu No more updates
More informationInformation Technology Acceptable Use Policy
Information Technology Acceptable Use Policy Overview The information technology resources of Providence College are owned and maintained by Providence College. Use of this technology is a privilege, not
More informationInformation Security Program CHARTER
State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information
More informationUNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY
PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment
More informationObtaining Value from Your Database Activity Monitoring (DAM) Solution
Obtaining Value from Your Database Activity Monitoring (DAM) Solution September 23, 2015 Mike Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer Integrigy Corporation
More informationDOT.Comm Oversight Committee Policy
DOT.Comm Oversight Committee Policy Enterprise Computing Software Policy Service Owner: DOTComm Operations Effective Date: TBD Review Schedule: Annual Last Review Date: Last Revision Date: Approved by:
More informationAttestation of Identity Information. An Oracle White Paper May 2006
Attestation of Identity Information An Oracle White Paper May 2006 Attestation of Identity Information INTRODUCTION... 3 CHALLENGES AND THE NEED FOR AUTOMATED ATTESTATION... 3 KEY FACTORS, BENEFITS AND
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is
More informationInformation Security Operational Procedures Banner Student Information System Security Policy
Policy No: 803 Area: Information Technology Services Adopted: 8/6/2012 Information Security Operational Procedures Banner Student Information System Security Policy INTRODUCTION This document provides
More informationINFORMATION TECHNOLOGY POLICY
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of : DPW Information Security and Privacy Policies Domain: Security Date Issued: 05/09/2011 Date Revised: 11/07/2013
More informationDEPARTMENT OF STATE FISCAL YEAR 2008 PRIVACY IMPACT ASSESSMENT
DEPARTMENT OF STATE FISCAL YEAR 2008 PRIVACY IMPACT ASSESSMENT Post Capabilities Database (PCD) FY 2008, Quarter 3 Conducted by: Bureau of Administration Information Sharing Services Office of Information
More informationStandard Operating Procedure Information Security Compliance Requirements under the cabig Program
Page 1 of 9 Pages Standard Operating Procedure Information Security Compliance Requirements under the cabig Program This cover sheet controls the layout and components of the entire document. Issued Date:
More informationINFORMATION SECURITY MANAGEMENT POLICY
INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 Revision History Update this table every time a new edition of the document is published Date Authored
More informationOffice of Financial Research Constituent Relationship Management Tool Privacy Impact Assessment ( PIA ) April, 2015
Office of Financial Research Constituent Relationship Management Tool Privacy Impact Assessment ( PIA ) April, 2015 A. Identification System Name: OMB Unique Identifier: System Owner: Constituent Relationship
More informationPII Personally Identifiable Information Training and Fraud Prevention
PII Personally Identifiable Information Training and Fraud Prevention Topics What is Personally Identifiable Information (PII)? Why are we committed to protecting PII? What laws govern us? How do we comply?
More informationC. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
I. Title A. Name: Information Systems Security Incident Response Policy B. Number: 20070103-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
More informationOrganize Work Information. Resolve Workflow Problems
Organize Work Information Resolve Workflow Problems Solution Overview Cases Bugs Tracker Notification Tasks Document Expenses Business Intelligent Phases Meeting Contact Dashboard Project Management Social
More informationServer Service Level Agreement
Server Service Level Agreement Information Technology Services Department: Service Type: Date: 1.0 Introduction: Information Technology Services (ITS) provides technology resources and services for legitimate
More informationPolicy Rules for Business Partners of Siemens
Information Security Policy Rules for Business Partners of Siemens Basic rules regulating access to Siemens-internal information and systems Policy Rules for business Partners of Siemens Edition P-RBP-2007-02-05-E
More informationResponsible Use of Technology and Information Resources
Responsible Use of Technology and Information Resources Introduction: The policies and guidelines outlined in this document apply to the entire Wagner College community: students, faculty, staff, alumni
More informationFACILITIES MANAGEMENT DEPARTMENT
FACILITIES MANAGEMENT DEPARTMENT Policy Title: Key Control and Card Access Policy Policy Number D-12 Section: Safety and Security Effective Date: April 12, 2007 Last Review: April 12, 2007 Purpose: The
More informationIdentity Theft Prevention Policy
Eastern Kentucky University Policy and Regulation Library 6.#.#P Volume 6, Volume Title: Financial Affairs Chapter #, Chapter Title Section #, Name: Identity Theft Prevention Policy Approval Authority:
More informationApproved by President Mohammed Qayoumi. Reviews: IT Management Advisory Committee
Policy History Date Action Approved by President Mohammed Qayoumi May 27, 2013 April 9, 2013 Reviews: IT Management Advisory Committee Draft Policy Released Table of Contents Introduction and Purpose...
More informationUNC Asheville. Red Flag Rule and NC Identity Protection Act Information
UNC Asheville Red Flag Rule and NC Identity Protection Act Information Why Should UNC Asheville be Concerned? The Federal Trade Commission (FTC) regulates financial transactions at UNC Asheville The FTC
More informationInformation Technology Services Guidelines
Page 1 of 10 Table of Contents 1. Purpose... 2 2. Entities Affected by This Guideline... 2 3. Definitions... 2 4. Guidelines... 3 4.1 Requesting Data Center or... 3 4.2 Requirements for Data Center or...
More informationPOLICY 5.9 CORNELL UNIVERSITY POLICY LIBRARY. Information technology data will be disclosed only according to the procedures outlined in this policy.
CORNELL UNIVERSITY POLICY LIBRARY Chapter: 9, Access to Information Data and Monitoring Network Policy/WCMC Information technology data will be disclosed only according to the procedures outlined in this
More informationWellesley College Whistleblower Policy Adopted April 2009
Wellesley College Whistleblower Policy Adopted April 2009 1. General Wellesley College (the "College") requires all employees (including faculty) to observe high standards of business and personal ethics
More informationDocument Management System for the Division of Banking Supervision and Regulation and the Division of Consumer and Community Affairs (DMS)
Board of Governors of the Federal Reserve System seal Privacy Impact Assessment of Document Management System for the Board of Governors of the Federal Reserve System s Division of Banking Supervision
More informationVulnerability Management Policy
Vulnerability Management Policy Policy Statement Computing devices storing the University s Sensitive Information (as defined below) or Mission-Critical computing devices (as defined below) must be fully
More informationSecurity management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.
Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover
More informationAttachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.
Attachment E RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive. Questions Support for Information Security 1. The Supplier
More informationAndrews University Payment Card Acceptance Policies & Procedures. Prepared by Financial Administration
Andrews University Payment Card Acceptance Policies & Procedures Prepared by Financial Administration July 12, 2011 Part I: Introduction of Policy and Purpose Formatted: Font: 12 pt In order to protect
More informationAppendix A: Rules of Behavior for VA Employees
Appendix A: Rules of Behavior for VA Employees Department of Veterans Affairs (VA) National Rules of Behavior 1 Background a) Section 5723(b)(12) of title 38, United States Code, requires the Assistant
More informationCOTS/SaaS Acquisition Information Form
State of California Department of Technology COTS/SaaS Acquisition Information Form Preparation Instructions Statewide Information Management Manual Section 22A June 2015 Table of Contents 1.0 Overview...
More informationCity of Bothell Remote Access Agreement Page 1 of 6
Instructions This packet contains four documents to be completed as follows. Departmental request for non employee remote access To be completed by the appropriate CITY OF BOTHELL Department Director.
More informationDASSAULT SYSTEMES GROUP HUMAN RESOURCES DATA PRIVACY POLICY
DASSAULT SYSTEMES GROUP HUMAN RESOURCES DATA PRIVACY POLICY The following provisions make up Dassault Systèmes Group HR Data Privacy Policy (the Policy ). This Policy applies to our employees, applicants
More informationPrivacy Impact Assessment. For. TeamMate Audit Management System (TeamMate) Date: July 9, 2014. Point of Contact: Hui Yang Hui.Yang@ed.
For TeamMate Audit Management System (TeamMate) Date: July 9, 2014 Point of Contact: Hui Yang Hui.Yang@ed.gov System Owner: Wanda Scott Wanda.Scott@ed.gov Author: Mike Burgenger Office of the Inspector
More informationINFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security
INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security State Fair Community College shall provide a central administrative system for use in data collection and extraction. Any system user
More informationUnited States Secret Service Enterprise Architecture Review Board (EARB) Project Briefing for NAME OF PROJECT
United States Secret Service Enterprise Architecture Review Board (EARB) Project Briefing for NAME OF PROJECT Presenter Name(s) Date 1 Introduction: An Enterprise Architecture Review Board (EARB) review
More information