Information Technology Security Policy

Size: px
Start display at page:

Download "Information Technology Security Policy"

Transcription

1 Infrmatin Technlgy Security Plicy May 2002

2 ii

3 INFORMATION TECHNOLOGY SECURITY POLICY TABLE OF CONTENTS Statement f Directin Principles Specialized Technical Staff Users f Electrnic Assets Internet Risk Assessment Dartn Cllege Infrmatin Technlgy Security Plicy Purpse Principles Scpe Enterprise Rles Department f Campus Infrmatin Services Rles and Respnsibilities Department Head Agency Infrmatin Officer Agency Security Officer Specialized Technical Staff Applicatin Develpment Staff Prductin Supprt Staff LAN Administratin Staff Infrmatin Custdians Users f Electrnic Assets Passwrds Access t Published Cllege Infrmatin Physical Access Access t Cllege Infrmatin Under the Open Recrds Law Exemptins t the Open Recrds Law Rutine Internal Use and Maintenance f Cllege Infrmatin General Intrductin and Requirements Wrkstatin Security Dartn Faculty and Staff Wrkstatins Faculty and Staff Lab Wrkstatins Student Lab Wrkstatins Classrm Wrkstatins Specialized and Shared Wrk Areas iii

4 Passwrds and Cmbinatins Backups Archives and Recrds Management Laptp and ther prtable technlgy Dial-up access Hme Placement f State-Owned Cmputer Equipment Risk Assessment Cmputer Crime Escalatin Training Mnitring iv

5 STATEMENT OF DIRECTION The gal f the Cllege is t establish and maintain a practive security plicy. All users f the Cllege's electrnic data prcessing assets will knw hw t access a cpy f the security plicy and be familiar with its cntents. The security plicy has been apprved by the Campus Cmputer Cmmittee. The Cmmittee is cmprised f Faculty, Staff, and Students. PRINCIPLES Assignment f Respnsibilities: The Cllege will create and maintain a dcument that clearly identifies the individuals wh prvide security fr each platfrm fr the Cllege. Cnsistency f Security Prvisins: The Cllege will have cnsistent access cntrls acrss platfrms. While the bjective may be technically impssible at this time due t lack f adequate sftware, every effrt will be made t be aware f new prducts n the market and their ptential t accmplish this bjective. Therefre the Cllege will wrk tward a centralized security sectin t implement cnsistent security fr all platfrms. It will als be necessary t increase the Security Assciates' training t maintain 24x7 cverage. The Cllege will develp a plicy fr resetting passwrds. This plicy will include: identificatin f individuals authrized t reset passwrds, identificatin f wh may request resets, prcedures t be fllwed in making a request, and a strategy t authenticate the persn making the request. Separatin f Duties: Limited Staff size and a large number f applicatins spread acrss all platfrms make ttal separatin f duties a difficult task. Hwever, the separatin f duties between access t rules and access t data will cntinue t be high-pririty bjective. Prject managers and supervisrs will include this principle when assigning duties t Applicatins Develpment Staff, Prductin Supprt Staff and LAN Administratrs. Supervisrs and management will incrprate this principle when filling vacancies r defining divisin and department structure. Auditability: The Cllege will establish standards fr creatin and maintenance f security rules, lgn ids and user ids. Standards will include dcumentatin f specific types f access granted t each rle, i.e. Security Assciate, Help Desk Staff, etc. Prcedures will als be defined fr requesting changes, dcumentatin required, and retentin f that dcumentatin. Lgging f ptential risks as well as vilatins will be perfrmed n all platfrms. 1

6 Review f all lg reprts and mnitring will be included in annual perfrmance standards. Well-defined prcedures fr investigatin f ptential prblems will be disseminated t all persnnel whse duties include mnitring. All requests fr lgn ids, user ids, r access must be signed r lgged by the Security Officer r Assciate. Specialized Technical Staff: Rles and Respnsibilities Applicatins Develpment Staff The Department f Management Infrmatin Services (MIS) will establish distinct test, pre-prductin, and prductin libraries. Prcedures fr transfer f prgrams, scripts, and ther types f library members will be dcumented. When available and advisable, based n risk assessment, sftware will be utilized fr versin cntrl and t prvide backups. Persnnel wh are familiar with the Cllege prgramming standards, the Applicatins Develpment and/r Prductin Supprt staff, and the platfrm shuld cmplete transfers between libraries. Transfers shuld nt be assigned t an individual wh nly knws a checklist f steps t cmplete and des nt have knwledge f transfer implicatins. The MIS Department may cnsider the use f the security assciates t perfrm library transfers. Users f Electrnic Assets: Rles and Respnsibilities The Office f Campus Infrmatin Services will develp a standard written Infrmatin Technlgy Security Plicy and Infrmatin Cnfidentiality Ntificatin that all users, regardless f platfrm, must sign. Access requests will include cmmitment statements t ensure cnfidentiality and a warning f pssible mnitring. Users must als acknwledge the necessity t prevent abuse and misuse f the wrkstatin. The intended user f the lgn id r user id and his/her supervisr must sign the request. T expedite access fr new emplyees, a lgn id r user id and necessary security may be granted, but n passwrds shuld be prvided until the frms are signed. Each user will be given a cpy f the signed frm. The Office f Campus Infrmatin Services will devise ne r mre prcesses t annually remind users f their security plicy respnsibilities. A timetable will be determined fr users t sign a new acknwledgement f cnfidentiality. INTERNET Cmmittees at the state level are currently meeting t study Internet messaging security, including digital signatures. Results f these studies will be incrprated int the Dartn Cllege Infrmatin Technlgy Security Plicy. 2

7 RISK ASSESSMENT Risk Assessment will cntinue t be a prcess f balancing the need fr cnfidentiality, data integrity, and availability, with perceived custmer service. Risk Assessment will be a majr cnsideratin fr all aspects f the Cllege Infrmatin Technlgy Security Plicy. It shuld be cmpleted during the analysis and design f applicatins and prir t the prcurement and installatin f equipment and sftware. Care shuld be taken nt t evaluate risk based slely n current requirements. Fr example, an applicatin may nly be needed by ne r tw peple in a central lcatin when it is designed, but in time a prgram culd grw t an extent that the applicatin is requested by a large number f peple, including thse in remte lcatins. Risk Assessment shuld include representatives frm the user cmmunity, the Cllege Security Officer and pssibly the Inventry Supervisr. The Chief Infrmatin Officer may wish t be included in sme decisins, particularly thse invlving prcurement. 3

8 4 This page is intentinally left blank.

9 DARTON COLLEGE INFORMATION TECHNOLOGY SECURITY POLICY PURPOSE The purpse f this dcument is t define and clarify the plicies, principles, guidelines, and respnsibilities related t the security f the Cllege's infrmatin technlgy resurces. PRINCIPLES The Cllege acknwledges the standards and expectatins established by the University System Infrmatin Technlgy Security Plicy. The Cllege s principles reflect the Plicy and prvide further directin: Assignment f Respnsibilities: The Cllege has a Statement f Directin regarding the rles and respnsibilities related t securing infrmatin resurces. Cnsistency f Security Prvisins: The Cllege has cntrlled and knwn access cntrls acrss platfrms (e.g., mainframe, netwrk, Internet) used t retain, access, r transprt the infrmatin. The Statement f Directin cntains additinal gals. Separatin f Duties: The Cllege has a Statement f Directin that is designed t administer security respnsibilities separate frm ther duties that might result in cmprmises t the prtectin f the Cllege's infrmatin resurces. Expectatin f Apprpriate Security: Users f the Cllege's infrmatin prcessing facilities can be cnfident that the facilities are secure and prvide reasnable prtectin t the infrmatin the Cllege retains r transprts. Auditability: The Cllege has a Statement f Directin t establish clear, straightfrward standards t dcument wh has access t change the security rules, when changes were made t the security rules, and t reprt attempted vilatins f the security rules n all platfrms. SCOPE This plicy applies t all Dartn Cllege emplyees. The Campus Infrmatin Services Department and Infrmatin Technlgy and Distance Learning Department have statutry respnsibilities that are described in the sectin n Enterprise Rles. When statutes are available, their requirements will take precedence ver these plicies. The plicy applies t the Cllege's students, cntractrs, business partners, and thers authrized t use the Cllege's infrmatin technlgy resurces. Implementatin f this plicy helps t insure that the fllwing characteristics apply t infrmatin technlgy resurces f the Department: 5

10 Cnfidentiality - sensitive infrmatin is prtected against unauthrized access. Integrity - infrmatin is prtected frm tampering, unauthrized mdificatin, r falsificatin. Availability - legitimate users f the Cllege's infrmatin technlgy resurces can access thse resurces in a timely manner. ENTERPRISE ROLES Department f Campus Infrmatin Services On behalf f the enterprise, the Department will: Maintain security administratin tls adequate fr departments t cntrl access t the infrmatin held, prcessed, r transprted by the department n their behalf. Prvide training and prcedures fr the use f these tls. Administer security fr Campus Infrmatin Services staff and services. Assist departments with the implementatin f access cntrl decisins. Assure that security plicy and technlgy are addressed in enterprise infrmatin technlgy planning and implementatin prjects. Establish cllege-wide standards fr cmputing and netwrk equipment and cnfiguratins that allw fr departments t maintain cntrl ver access t infrmatin fr which they are respnsible. (Cmputing and Netwrk Equipment Standards) Establish and implement strategies t peridically mnitr cmpliance with security plicy standards. Identify and publish the name f the custdian f cllege databases that are established r under develpment by ne r mre departments. The custdian will be held respnsible fr prper distributin f individual access t private cllege data within the applicatin. Ensure new cllege-wide sftware tls used t retain, access, r transprt data are prperly secured. Cnvene the Security Cmmittee (made up f the security administratin prfessinals emplyed by the cllege) peridically t gather input n the cnfiguratin f the security administratin facilities maintained by the Cllege (see 'Security Cmmittee,' belw). ROLES AND RESPONSIBILITIES The Cllege has identified rles, respnsibilities and relatinships related t the security f infrmatin technlgy resurces f the cllege. The rles and respnsibilities fr security in the Cllege include the fllwing: 6

11 Budget Unit Head: The Budget Unit Head is respnsible fr the infrmatin cllected by the unit and fr cntrlling access t that infrmatin. The Head f the Unit may delegate specific security respnsibilities, but he/she is ultimately respnsible fr the security f the cllege's infrmatin and technlgy assets. The Budget Unit Head has delegated respnsibility fr custdy f the cllege's recrds. Chief Infrmatin Officer (CIO): The Cllege's Chief Infrmatin Officer (CIO) is the Directr f Campus Infrmatin Services. The CIO is respnsible fr the cnfiguratin f the Cllege's infrmatin technlgy resurces and fr the develpment, prmulgatin, and enfrcement f the agency's security plicies. The CIO is respnsible fr issuing Statements f Directin that will guide the develpment and maintenance f security plicies, prcedures, and relatinships amng the varius infrmatin technlgy security functins within the Cllege. The CIO appints the Security Officer; all security functins reprt t the Security Officer wh reprts t the CIO. Cllege Security Officer: The Security Officer is appinted by the CIO and is lcated in the Campus Infrmatin Services Department The Security Officer will: Have the apprpriate classificatin t manage security fr the Cllege. Establish access cntrls. Identify Assciate Security Officer (r Security Assciate) in the departments r prgram areas and assign respnsibility fr specific security functins. Ensure dcumentatin f infrmatin custdians, including persnnel authrized t apprve prductin library transfers. Identify training requirements, determine the frequency f training, prvide r assist in arranging fr training fr the Assciate Security Officer(s). Develp and implement strategies t make users aware f security plices, prcedures, and benefits; determine the frequency f awareness training and infrmatin. Slicit evaluatin f the effectiveness f training prvided and/r arranged. Dcument the security supprt structure acrss platfrms. Cmmunicate the directin fr Cllege security standards, prcedures and guidelines. Enfrce cllege security plicies. Ntify ther departments when staff wh have access t data in thse departments leave r have significantly changed duties. 7

12 Be aware and maintain a cpy f the Dartn Cllege plicies fr dispsal f equipment. Represent the Cllege n the University System Security Cmmittee. Mnitr unusual activities, e.g., vilatin reprts. Cnduct an annual security review. Maintain lists f infrmatin custdians and security fficers in frmats available t all department persnnel. Wrk with auditrs as directed by the Chief Infrmatin Officer. Wrk with the Cllege Physical Security Officer as needed. The Security Officer is respnsible fr establishing prcesses t assure security, and cmmunicatin with end users, including fr example: Publishing guidelines t create passwrds, Standardizing the frmat and prcess fr all emplyees t acknwledge an understanding f the security requirements, Strategies and prcesses fr regular reminders f the security respnsibility f all users. The Office f Campus Infrmatin Services may require pre-emplyment screening fr the psitin f Security Officer and/r fr individuals wh are delegated the security functins. Specialized Technical Staff: Staff wh are directly respnsible fr security, system management, and applicatins develpment have special privileges in relatin t infrmatin resurces such as the ability t examine the files f ther users. The number f peple with access management rights must be strictly cntrlled and limited. Access t infrmatin technlgy resurces must be restricted n a legitimate need-t-knw basis. Applicatin Develpment Staff have limited access t prductin applicatins. The prcess fr rutine review fr cde changes includes the fllwing: There is sftware available t set cntrls n changes and t prduce reprts when changes are made. Senir staff can apprve and sign ff n changes. Junir staff and cnsultants must request apprval and sign ff frm senir staff, as determined by supervisry r prject leader persnnel. Prductin Supprt Staff will include Applicatins Develpment staff and LAN Administratrs, wh are granted access t prductin systems in rder t address emergencies that wuld therwise result in system unavailability. CIS will maintain a lg system t identify and dcument the emergency and identify which individual fixed the prblem. Prductin Supprt Staff are t assume that all data has value and may be 8

13 sensitive; it must be treated as cnfidential unless there are mre specific requirements frm the prgram areas. Cmputer Operatrs and sme end-users are granted access t sme files, as required t prvide service t ther state entities and submit department jbs fr nrmal prductin peratin. Cmputer Operatins Staff are t assume that all data has value and may be sensitive; it must be treated as cnfidential unless there are mre specific requirements frm the prgram areas. Help Desk Staff may have authrity t reset passwrds. LAN Administratin Staff, based n the requirements f their jb, have brad access t systems including access t infrmatin n wrkstatin "C" drives. LAN Administratrs are t assume that all data has value and may be sensitive; it must be treated as cnfidential unless there are mre specific requirements frm the prgram areas. LAN Administratrs can functin as Assciate Security Officers. LAN Administratrs r E- mail Administratrs may be specifically authrized t use netwrk management tls that circumvent the nrmal delivery f messages by intercepting r mnitring the cntents f messages addressed t anther recipient. The mnitring f messages, use f the Internet, and ther frms f netwrk cmmunicatin must be requested by a supervisr and must be fr a specific purpse. When it is an ptin (e.g. with remte take-ver tls) the LAN r Administratr must advise users in each instance that their messages are being intercepted when the tls are in use. When direct ntificatin is nt an ptin (e.g. with netwrk mnitrs) the LAN r Administratr must advise users that their messages may be intercepted in the curse f rutine netwrk mnitring. The Statement f Directin includes the bjective t advise users f the results f mnitring, including ptential disciplinary actins. If a supervisr has requested mnitring, nly the results f that request are subject t disciplinary fllw-up. Fr example, if a supervisr has requested a search fr use f illegal sftware, disciplinary actin shuld nt be initiated fr persnal use f the Internet. The security functin is cntrlled and will be dcumented fr all platfrms, e.g., mainframe, netwrk, and Internet. The Statement f Directin includes an bject t centralize the security functin acrss platfrms. Dartn Cllege has a cmputer cmmittee t reslve issues arising frm different strategies and technlgies used fr different platfrms. The Security Officer will assign access privileges based n several factrs: Matching the privilege t an apprpriate jb functin; Balancing the need and timeliness fr the privilege against the efficiency f granting access t the data; and Taking int accunt the expsure assciated with the privilege with regard t the length f time the access will be needed. 9

14 Specialized Technical Staff with brad access t data are in sensitive psitins and may be required t underg a security check as a cnditin f emplyment. Infrmatin Custdians: All infrmatin custdians are reminded that, based n legal precedents, an individual may delegate authrity but never respnsibility. Divisin Administratrs may delegate custdy t divisin emplyees. Dartn Cllege applicatins develpment and prductin supprt staff may als be given authrity t grant access t divisin infrmatin. Hwever Dartn Cllege staff shuld never be the sle delegate, nr shuld Dartn Cllege staff grant access withut written r verbal apprval frm the divisin delegate. In all cases, the name(s) f the individual(s) t whm these respnsibilities are delegated must be clearly psted and/r published s that all users f the infrmatin knw wh is the legal custdian. Infrmatin Custdians have the respnsibility t share security requirements with Applicatin Develpers and the Agency Security Officer r t delegate fr cnfidentiality r specialized treatment f data that stem frm federal, statutry, r ther requirements. Infrmatin Custdians will establish the standard fr recrd retentin fr their data and will authrize the dispsal f recrds. Infrmatin Custdians must ntify the Chief Infrmatin Officer when an emplyee leaves r there is a significant change in duties that affect the need fr access t infrmatin resurces. The Chief Infrmatin Officer will distribute the infrmatin t the Security Officer, and the Security Officer will disburse the infrmatin t the Security Assciates when applicable. Infrmatin Custdians, Applicatin Develpment Staff, and Dartn supervisrs wrking with cntractrs wh are authrized t access the cllege's infrmatin resurces must ntify the Chief Infrmatin Officer when a cntractr leaves r there is a significant change in duties r schedule that impacts the need fr access. The Chief Infrmatin Officer will disburse the infrmatin t the Security Officer, and the Security Officer will disburse the infrmatin t the Security Assciates when applicable. Users f Electrnic Assets: Users f Electrnic Assets f the Cllege include any emplyee f the Cllege, student, business partner, cntractr, cnsultant, r custmer wh is authrized t use the infrmatin technlgy assets f the Cllege. The Office f Campus Infrmatin Services requires a written request frm, which includes a security acknwledgement and signature f the user, fr mainframe access. The Statement f Directin will establish a prcess t include a similar prcedure fr ther platfrms. The Statement f Directin will als establish a prcess t annually remind users f their security plicy respnsibilities. The prcess fr authrizing user 10

15 lgn shuld be the same regardless f the technlgy accessed, i.e., mainframe, netwrk, r Internet. The Chief Infrmatin Officer will develp and disseminate guidelines and examples fr users t assist them in maintaining gd security practices. This material may include brchures, electrnic reminders, desk references, web sites, etc. and shuld include but nt be limited t infrmatin n passwrds and passwrd prtectin, lgn id, virus prtectin strategies, etc. Due in part t licensing requirements and sftware cmpatibility issues, Dartn Cllege has a plicy stating that installatin f all wrkstatin hardware and sftware must be authrized by the Cmputer Services Wrkstatin Supprt Grup and/r the Netwrk Supprt Grup. Sftware includes, but is nt limited t, screensavers, cmputer games, and material dwnladed frm the Internet. Cnfidential infrmatin shuld nt be n the wrkstatin hard drive fr security and business reasns. Mst wrkstatins pse a risk f unauthrized access because the "C" drives are nt private r restricted t the user wh is nrmally assigned t a wrkstatin. Sftware that includes a terminal lcking feature, e.g. screen saver with passwrd prtectin, must be available t all users. The advantages f this type f sftware and the techniques fr its use are included in the training f new persnnel. The use f passwrd prtectin and terminal lcking is mandatry fr the security fficer and security assciates. An example fr users n Passwrd Prtectin guidelines include: Passwrds must be: Cnfidential Between 5 and 8 alphanumeric characters lng With the exceptin f temprary passwrds created by the Security Officer r Assciate, the wner f the user id must create passwrds. Gd chices fr passwrds are: Tw r mre adjining wrds Gibberish Alphabetic characters mixed with numbers Pr chices fr passwrds are: Repeating character strings A single dictinary wrd Trivial. Never use: Any part f yur name 11

16 Nicknames Initials Spuse's r child's name Yur user id Hbbies Seasns f the year Birthdays Pets Anniversary dates License plate numbers Passwrds, including thse assigned by Security Assciates, shuld never be PASSWORD r the user's lgin id r user id. Passwrds shuld be difficult t guess, but easy t remember s that yu d nt need t write them dwn. Passwrds that are written dwn shuld never be left in easily accessible lcatins, e.g. unlcked desk drawers, desk calendars, the back f the wrkstatin. When changing a passwrd dn't use ne yu have used previusly. The systems will require yu t change yur passwrd(s) at least every 180 days. Staff in psitins f high-risk, e.g. security fficers, LAN administratrs, must change their passwrd(s) at least every 90 days. User ids are disabled after three failed attempts n the mainframe and after 5 failed attempts n ther platfrms. Netwrk management tls that circumvent the nrmal delivery f messages by intercepting r mnitring the cntents f messages addressed t anther recipient are used nly by emplyees specifically authrized t use such tls. When it is an ptin (e.g. with remte take-ver tls) users are advised that their messages are being intercepted when the tls are in use. When direct ntificatin is nt an ptin (e.g. with netwrk mnitrs) users are advised that their messages may be intercepted in the curse f rutine netwrk mnitring. Ntificatin must be made fr each ccurrence where tls give the ptin t view cnfidential data r change data in any way. The cntact fr questins r additinal infrmatin is the Chief Infrmatin Officer. Access t Published Cllege Infrmatin A recrd is bradly defined t mean "... any material n which written, drawn, printed, spken, visual r electrmagnetic infrmatin is recrded r preserved, regardless f physical frm r characteristics, which has been created r is being kept by an authrity. "Recrd" includes, but is nt limited t, handwritten, typed r printed pages, maps, charts, phtgraphs, films, recrdings, tapes (including cmputer tapes), cmputer printuts and ptical disks. 12

17 The cllege rutinely publishes infrmatin which is f general interest t the public and which des nt carry cnfidentiality requirements. The mechanisms fr publicatin range frm traditinal pamphlets and bks t dcuments accessible thrugh the wrld wide web. Access t published dcuments is nt limited t specific individuals and the security prvisins necessary fr published dcuments generally nly include thse necessary t assure integrity and availability. Examples f published cllege infrmatin include the Cllege emplyees' telephne and directry and the Athletics Calendars. Access t Cllege Infrmatin Under The Open Recrds Law The Open Recrds Law: Gergia's Open Recrds Law is "t be cnstrued in every instance with a presumptin f cmplete public access, cnsistent with the cnduct f gvernmental business." All requests fr infrmatin under the Open Recrds Law shuld be frwarded t the Vice President fr Business and Finance fr apprval and prcessing befre any recrds are released. Exemptins t the Open Recrds Law: The Open Recrds Law cntains three types f exemptins: Exemptins expressly set frth in the Open Recrds Law. Exemptins based n exemptins t the Open Meetings Law. Cmmn law exemptins. Exempt recrds: 1. Specifically exempted frm disclsure by state r federal law. 2. Investigative infrmatin btained fr law enfrcement purpses. 3. Recrd is a cmputer prgram. 4. Trade secret. 5. Recrd wuld identify a law enfrcement infrmant. Examples f exempt recrds include: Drafts, ntes, preliminary cmputatins and like materials prepared fr the riginatr's persnal use. Materials which are the persnal prperty f the custdian. Materials t which access is limited by cpyright, patent, r bequest. Published materials in the pssessin f an authrity, ther than a public library, which are available fr sale r available fr inspectin at a public library. In additin, the Open Recrds Law states that its inspectin and cpying rights d nt apply t a recrd which has been r will be prmptly published with cpies ffered fr sale r distributin. 13

18 The Open Recrds Law gives public access t existing recrds. Staff shuld nt d additinal prgramming t make the data mre meaningful, unless s directed by management. An example f this is a recrd that cntains a cde, which relates t a title stred in anther file r table; the cde may nt be self-explanatry, but Dartn Cllege staff shuld nt, as a matter f curse, write a new prgram t create a unique file including the title within the recrd. Rutine Internal Use and Maintenance f Cllege Infrmatin Internal use f infrmatin is limited t specific individuals perfrming specific wrk tasks: Mst use and maintenance f infrmatin retained by the cllege is cnducted utside f the prvisins f the Open Recrds Law. Rutine access t infrmatin is generally cnducted by emplyees r ther agents f the cllege. Apprval fr such rutine access is nt granted under an Open Recrds request but is dne when specific wrk assignments are made which require the access. The CIS Department has designated peple wh will issue lgn ids and user ids. Specifically, these peple are lcated in the Department f Campus Infrmatin Services. The lgn id/user id will: Prvide access nly t the extent needed t perfrm the wrk fr which the access is granted. Prvide access nly f the type (create, read, update, delete) needed t perfrm the wrk fr which the access is granted. Prvide access nly fr the time perid during which the wrk is perfrmed. Identificatin f individuals using cllege infrmatin (ther than individuals using lw security applicatins such as infrmatinal web pages and the cllege emplyees telephne directry): CIS will issue a separate user identificatin (user id) t each persn wh is authrized t access infrmatin retained by the cllege. Each persn will als be issued a temprary passwrd that is t be changed at the first lgn and maintained accrding t a regular schedule. Persns issued a user id and passwrd are respnsible t thers. Persns issued a user id are respnsible fr all infrmatin accesses perfrmed under that user id. PHYSICAL ACCESS General Intrductin and Requirements The Cllege has established cntrls ver physical access t critical r sensitive hardware and the physical envirnment f that hardware fr Dartn Cllege. In additin t fllwing the Dartn Cllege guidelines, CIS has established mre stringent cntrls ver access t the mainframe and enterprise netwrk envirnment. Physical access t netwrk 14

19 servers r multi-user systems may result in access t data n thse systems. Physical cntrls als minimize the threat f theft and dwntime caused by accidental r deliberate disruptin. All cmputer platfrm administratrs at Dartn Cllege must wrk in cperatin with the Cllege's staff in the Security Department, Inventry Cntrl, and with the Agency Security Officer t implement physical access and envirnmental cntrl measures t prtect the Cllege's cmputing infrastructure. These security measures, which cver ruters, gateways, bridges, all types f servers, desktp and laptp cmputers, and ther mbile technlgy, shuld be cmmensurate with the value placed n the assets by the Department. Security measures shuld nt adversely affect prductivity and shuld be apprpriate fr the facility where the equipment is lcated. All reasnable effrts shuld be made t ensure the safety and security f the hardware that cmprises the Dartn Cllege Netwrk. There are tw categries f technlgy equipment: Equipment that has data stred n it has mre stringent security requirements; Equipment that des nt have data stred n it must be subject t prudent prcedures and practice. The fllwing measures shuld be taken t physically safeguard the Department's infrmatin technlgy equipment and envirnment. 1. Risk Assessment & Security Review The Department Head, r ther department-assigned persn, fr each Department must peridically assess the physical security f infrmatin technlgy at each netwrk site. The Departments plans fr security must be submitted t the Cllege's Vice President fr Business and Finance and Chief Infrmatin Officer fr apprval. The Chief Infrmatin Officer, the Security Officer, the Security Assciates, the Inventry Cntrl Supervisr, and the Vice President fr Business and Finance will peridically review security prcedures in all Departments. 2. Access Cntrl All Department prductin file, database, and cmmunicatins servers and all ther critical netwrk related equipment shuld be in secure envirnments; test files and equipment shuld be secured when pssible, but less emphasis is put n these. In all situatins, the list f individuals wh have access t secured areas must be n file with the Chief Infrmatin Officer, Security Officer, and Assciate Security Officer(s). Varius techniques can be emplyed fr access cntrl: 15

20 Persns in secure rms wear visible persnal identificatin r visitr badges; Access drs can be electrnically secured and alarmed 24 hurs a day with access nly by individualized magnetic cards; Cmbinatin lcks may be used. Where these lcks are utilized, the cmbinatin will be made available t staff under the same plicies as ther access, including audibility. A designated staff persn will change the cmbinatin whenever there are staffing changes and n a prescribed schedule at ther times. The cmbinatin will fllw manufacturer's suggestins, e.g. multiple numbers simultaneusly. Only the designated staff may share the cmbinatin with ther persnnel. Attempts t defeat physical security cntrls can be prhibited; Permanent right t access can be granted and remved by Divisin/Department Security Officers strictly n a regular need-t-bethere basis; Visitrs can be escrted by staff with permanent access. 3. Physical Envirnment The measures taken t assure a secure physical envirnment shuld be apprpriate t the equipment t be prtected. Measures that will be taken unless the physical lcatin precludes implementatin include: Rms shuld have adequate fire and water detectin, preventin, and suppressin cntrls and emergency lighting; Water sprinklers shuld nt spray n the equipment; Temperatures within the rm shuld be maintained within peratinal limits; Telephnes shuld be within easy reach f all equipment; Smking, eating, r drinking will be prhibited in the vicinity f critical equipment, e.g., servers; prudent care shuld be taken when in the vicinity f nn-critical equipment; Cmbustible materials, such as paper, shuld generally be stred utside f the area. If it is necessary t stre special frms in a physically secured area, persnnel in the secured area will be aware f the ptential prblems. Windws shuld be permanently lcked, nn-existent, r inaccessible frm the utside; The equipment shuld nt be viewable frm utside the building; and Critical equipment such as servers shuld be physically secured t a large and/r immvable bject, but nt in such a way as t restrict technical maintenance. 4. Dispsal f Equipment Infrmatin technlgy equipment will be dispsed f in accrdance with plicies established by the State f Gergia. 16

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

Unified Infrastructure/Organization Computer System/Software Use Policy

Unified Infrastructure/Organization Computer System/Software Use Policy Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

IT Account and Access Procedure

IT Account and Access Procedure IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

Process for Responding to Privacy Breaches

Process for Responding to Privacy Breaches Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

UBC Incident Response Plan V1.5

UBC Incident Response Plan V1.5 UBC Incident Respnse Plan V1.5 Cntents 1. Ratinale... 2 2. Objective... 2 3. Applicatin... 2 4. Reprting a Cmputer Security Incident... 2 5. Managing the Security Incident... 2 5.1. All Incidents... 2

More information

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...

More information

Remote Working (Policy & Procedure)

Remote Working (Policy & Procedure) Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

FAYETTEVILLE STATE UNIVERSITY

FAYETTEVILLE STATE UNIVERSITY FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty

More information

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network 2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal

More information

Heythrop College Disciplinary Procedure for Support Staff

Heythrop College Disciplinary Procedure for Support Staff Heythrp Cllege Disciplinary Prcedure fr Supprt Staff Intrductin 1. This prcedural dcument des nt apply t thse academic-related staff wh are mentined in the Cllege s Ordinance, namely the Librarian and

More information

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021 Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada

More information

Internet and E-Mail Policy User s Guide

Internet and E-Mail Policy User s Guide Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin

More information

Sources of Federal Government and Employee Information

Sources of Federal Government and Employee Information Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

Guidelines for Custodians

Guidelines for Custodians Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t

More information

Information Security Incident Response Plan

Information Security Incident Response Plan Infrmatin Security Incident Respnse Plan Agency: Date: Cntact: 1 TABLE OF CONTENTS Intrductin... 3 Authrity... 4 Terms and Definitins... 4 Rles and Respnsibilities... 5 Prgram... 6 Educatin and Awareness...

More information

Purpose Statement. Objectives

Purpose Statement. Objectives Apprved by Academic Affairs Cuncil, June 24, 2014 Faculty Handbk Part VI: Other Plicies and Prcedures Sectin R. Intellectual Prperty Classified Emplyee Handbk Part VI: Other Plicies and Prcedures Sectin

More information

IT CHANGE MANAGEMENT POLICY

IT CHANGE MANAGEMENT POLICY IT CHANGE MANAGEMENT POLICY Effective Date May 19, 2016 Crss-Reference 1. IT Operatins and Maintenance Plicy 2. IT Security Incident Management Plicy Respnsibility Apprver Review Schedule 1. Plicy Statement

More information

Norwood Public Schools Internet & Cell Phone Use Agreement School Year 2015-16

Norwood Public Schools Internet & Cell Phone Use Agreement School Year 2015-16 Yu must read and agree t fllw the netwrk rules belw t use yur netwrk accunt r access the internet. Nrwd Public Schls makes available t students access t cmputers and the Internet. Students are expected

More information

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative

More information

Software and Hardware Change Management Policy for CDes Computer Labs

Software and Hardware Change Management Policy for CDes Computer Labs Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces

More information

DISASTER RECOVERY PLAN TEMPLATE

DISASTER RECOVERY PLAN TEMPLATE www.disasterrecveryplantemplate.rg The bjective f a disaster recvery plan is t ensure that yu can respnd t a disaster r ther emergency that affects infrmatin systems and minimize the effect n the peratin

More information

Chapter 7 Business Continuity and Risk Management

Chapter 7 Business Continuity and Risk Management Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity

More information

First Global Data Corp.

First Global Data Corp. First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First

More information

2.1 All SHR Users are responsible for the security of SHR systems/applications, resources and information.

2.1 All SHR Users are responsible for the security of SHR systems/applications, resources and information. POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

We will record and prepare documents based off the information presented

We will record and prepare documents based off the information presented Dear Client: We appreciate the pprtunity f wrking with yu regarding yur Payrll needs. T ensure a cmplete understanding between us, we are setting frth the pertinent infrmatin abut the services that we

More information

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care

More information

Immaculate Conception School, Prince George Bring Your Own Device Policy for Students

Immaculate Conception School, Prince George Bring Your Own Device Policy for Students Bring Yur Own Device Plicy fr Students Purpse This plicy utlines the acceptable use f electrnic devices t maintain a safe and secure educatin envirnment with the gal f preparing students fr the future,

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff

More information

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service. FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept

More information

IT Help Desk Service Level Expectations Revised: 01/09/2012

IT Help Desk Service Level Expectations Revised: 01/09/2012 IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+

More information

Information Security Policy

Information Security Policy Purpse The risk t Charlestn Suthern University, its emplyees and students frm data lss and identity theft is f significant cncern t the University and can be reduced nly thrugh the cmbined effrts f every

More information

Woodstock Multimedia, INC. Software/Hardware Usage Policy

Woodstock Multimedia, INC. Software/Hardware Usage Policy Wdstck Multimedia, INC. Sftware/Hardware Usage Plicy POLICY PURPOSE The purpse f the Wdstck Multimedia, INC. Sftware / Hardware Usage Plicy is t ensure that Wdstck Multimedia, INC. emplyees are prperly

More information

nbn is committed to identifying hazards, preventing workplace accidents and minimising dangerous health safety and environment incidents.

nbn is committed to identifying hazards, preventing workplace accidents and minimising dangerous health safety and environment incidents. Incident & Hazard Reprting Overview At nbn we are safe, disciplined and reliable. nbn is cmmitted t preventing injury, illness and envirnmental harm by prviding a safe and healthy wrking envirnment fr

More information

DisplayNote Technologies Limited Data Protection Policy July 2014

DisplayNote Technologies Limited Data Protection Policy July 2014 DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f

More information

Request for Proposal Technology Services

Request for Proposal Technology Services Avca Schl District 37 Wilmette, IL Request fr Prpsal Technlgy Services Netwrk and Systems Infrastructure Management Services December 5, 2013 Avca Schl District 37 is seeking an IT cnsulting firm t manage

More information

Change Management Process

Change Management Process Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

Symantec User Authentication Service Level Agreement

Symantec User Authentication Service Level Agreement Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028

More information

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend

More information

To clarify terms used within these policies, the following definitions are provided:

To clarify terms used within these policies, the following definitions are provided: Baker University Email Plicy E-mail services are prvided t the Baker cmmunity in supprt f the educatinal missin f the University and the administrative functins t carry ut that missin. Users f Baker e-mail

More information

Privacy Breach and Complaint Protocol

Privacy Breach and Complaint Protocol Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

POLICY INTERNET - ACCEPTABLE USE

POLICY INTERNET - ACCEPTABLE USE POLICY Dc. Cde: IS I5 INTERNET - ACCEPTABLE USE Applicable t: MidCentral DHB Including MidCentral Health & Enable NZ Issued by: Infrmatin Systems Cntact: Manager Service Delivery 1. PURPOSE This plicy

More information

State of California California Technology Agency. Software Management Plan Guidelines

State of California California Technology Agency. Software Management Plan Guidelines State f Califrnia Califrnia Technlgy Agency Sftware Management Plan Guidelines Revised April 2011 Sectin 1 1.0 Overview INTRODUCTION TO SOFTWARE MANAGEMENT PLANNING The State Administrative Manual (SAM)

More information

ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015

ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015 ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY Gvernrs Cmmittee: Finance and General Purpses Apprved by Gverning Bdy n: 6 th May 2015 Signed: (Chair f Cmmittee) Signed: (Headteacher) Date t be

More information

In addition to assisting with the disaster planning process, it is hoped this document will also::

In addition to assisting with the disaster planning process, it is hoped this document will also:: First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business

More information

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network 2361/Page 1 f 8 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk The Bard f Educatin recgnizes as new technlgies shift the manner in which infrmatin is

More information

CHANGE MANAGEMENT STANDARD

CHANGE MANAGEMENT STANDARD The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the

More information

Health and Safety Training and Supervision

Health and Safety Training and Supervision Intrductin: Health and Safety Training and Supervisin University f Nttingham is cmmitted t maintaining and develping standards f excellence in all aspects f its business. T that end, the University aspires

More information

Help Desk Level Competencies

Help Desk Level Competencies Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar

More information

Audit Committee Charter

Audit Committee Charter Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm

More information

Malpractice and Maladministration Policy

Malpractice and Maladministration Policy TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

0820.02 Workers Disability Compensation Claims Procedures Issued: January 1, 1994 Revised: March 29, 2012

0820.02 Workers Disability Compensation Claims Procedures Issued: January 1, 1994 Revised: March 29, 2012 State f Michigan Administrative Guide t State Gvernment 0820.02 Wrkers Disability Cmpensatin Claims Prcedures Issued: January 1, 1994 Revised: March 29, 2012 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY:

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information

Environmental, Health & Safety Management System (EHSMS) Training, Awareness and Competency Procedure Revision Number: 7

Environmental, Health & Safety Management System (EHSMS) Training, Awareness and Competency Procedure Revision Number: 7 Envirnmental, Health & Safety Management System (EHSMS) Dcument Number: 00122 Issue Date: 05/07/2014 Training, Awareness and Cmpetency Prcedure Revisin Number: 7 Prepared By: Stalcup, Bryce Apprved By:

More information

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc. HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

Chris Chiron, Interim Senior Director, Employee & Management Relations Jessica Moore, Senior Director, Classification & Compensation

Chris Chiron, Interim Senior Director, Employee & Management Relations Jessica Moore, Senior Director, Classification & Compensation TO: FROM: HR Officers & Human Resurces Representatives Chris Chirn, Interim Senir Directr, Emplyee & Management Relatins Jessica Mre, Senir Directr, Classificatin & Cmpensatin DATE: May 26, 2015 RE: Annual

More information

Plus500CY Ltd. Statement on Privacy and Cookie Policy

Plus500CY Ltd. Statement on Privacy and Cookie Policy Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and

More information

OITS Service Level Agreement

OITS Service Level Agreement OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer.

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

THIRD PARTY PROCUREMENT PROCEDURES

THIRD PARTY PROCUREMENT PROCEDURES ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central

More information

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY REFERENCE NUMBER: 14/103368 RESPONSIBLE DEPARTMENT: Crprate Services APPLICABLE LEGISLATION: State Recrds Act 1997 Lcal Gvernment Act 1999 Crpratins Act

More information

RQ10.06 AACo Share Trading Policy

RQ10.06 AACo Share Trading Policy Australian Agricultural Cmpany Limited ACN 010 892 270 RQ10.06 AAC Share Trading Plicy Versin 5 This plicy was apprved by the Bard f Australian Agricultural Cmpany Limited n 15 December 2010. This plicy

More information

A. Early Case Assessment

A. Early Case Assessment Electrnic Discvery Reference Mdel Standards fr the identificatin f electrnically stred infrmatin in discvery http://www.edrm.net/resurces/standards/identificatin A. Early Case Assessment Once a triggering

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

Electronic and Information Resources Accessibility Compliance Plan

Electronic and Information Resources Accessibility Compliance Plan Electrnic and Infrmatin Resurces Accessibility Cmpliance Plan Intrductin The University f Nrth Texas at Dallas (UNTD) is cmmitted t prviding a wrk envirnment that affrds equal access and pprtunity t therwise

More information

Service Desk Self Service Overview

Service Desk Self Service Overview Tday s Date: 08/28/2008 Effective Date: 09/01/2008 Systems Invlved: Audience: Tpics in this Jb Aid: Backgrund: Service Desk Service Desk Self Service Overview All Service Desk Self Service Overview Service

More information

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5 Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet

More information

FERRIS STATE UNIVERSITY SCHOOL of NURSING CODE of CONDUCT

FERRIS STATE UNIVERSITY SCHOOL of NURSING CODE of CONDUCT 1 FERRIS STATE UNIVERSITY SCHOOL f NURSING CODE f CONDUCT The Schl f Nursing (SON) at Ferris State University uphlds the University Cde f Student Cnduct and the American Nurses Assciatin Cde f Ethics.

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

TITLE: Supplier Contracting Guidelines Process: FIN_PS_PSG_050 Replaces: Manual Sections 6.4, 7.1, 7.5, 7.6, 7.11 Effective Date: 10/1/2014 Contents

TITLE: Supplier Contracting Guidelines Process: FIN_PS_PSG_050 Replaces: Manual Sections 6.4, 7.1, 7.5, 7.6, 7.11 Effective Date: 10/1/2014 Contents TITLE: Supplier Cntracting Guidelines Prcess: FIN_PS_PSG_050 Replaces: Manual Sectins 6.4, 7.1, 7.5, 7.6, 7.11 Cntents 1 Abut university supplier cntracting... 2 2 When is a cntract required?... 2 3 Wh

More information