Information Security Policy. Information Security Policy. Working Together. May Borders College 19/10/12. Uncontrolled Copy

Size: px
Start display at page:

Download "Information Security Policy. Information Security Policy. Working Together. May 2012. Borders College 19/10/12. Uncontrolled Copy"

Transcription

1 Working Together Information Security Policy Information Security Policy May 2012 Borders College 19/10/12 1 Working Together

2 Information Security Policy 1. Introduction Borders College recognises that information systems, the information they contain and the associated processing tools and services now pervade teaching, learning and administration and are of vital importance to the efficient functioning of the organisation. Its policy is to take any measures considered necessary to ensure that all aspects of its systems are fully protected complying with The Computer Misuse Act 1990, the Data Protection Act 1998, The Copyright (Computer Programme) Regulations Act 1992, Regulation of Investigatory Powers Act 2000 (RIPA), Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (LBP). 2. Scope The infrastructure and information systems to which the policy applies includes, desktop productivity tools, telephone, fax, voic , internet access, social media, , the underlying network and communication lines. The policy applies to all users of the information systems including students, staff, technical support staff, managers, board members, auditors (both internal and external) and any other authorised users. 3. Key Principles 3.1 The College will ensure that all users of information systems recognise their responsibilities in relation to securing hardware, peripherals and other equipment, and the information contained in those systems via the creation of the comprehensive Acceptable use of Information Systems Policy. 3.2 Controlling Access to Information and Systems:- Access Control will be determined in accordance with the agreed levels for each end user s role in the College. Unattended workstations will have enforced screen saving mechanisms put in place where the end user will have to re enter their login details to unlock the screen. Borders College 19/10/12 2 Working Together

3 Access and usage will be logged and monitored to identify potential misuse of systems or information. Remote access to the network and resources will only be permitted providing the authorised users are authenticated beforehand. 3.3 Purchasing and Maintaining Commercial and In-house Software Prior to the purchase of new software, essential full specification of business and technical requirements will be developed. (User Requirement Specification). Consideration of how any new software or how any changes to current software will affect integration with other systems will be included as part of any evaluation. Sizing and capacity requirement exercises will be carried out for all new software, with input from the supplier as appropriate. The appropriate number of licences to be purchased must be specified to allow use of the software, adherence to the Terms Of End User License Agreements, and retention of eligibility for ongoing vendor support. Third party support, whether of a technical or housekeeping nature will be specified and quantified in advance of any purchase or development, to ensure that the support availability matches business requirements and that such support is backed by a Service Level Agreement. 3.4 Business Continuity\Disaster Recovery Detail backup strategies ensuring confidentiality and identifying mission critical data will be updated and maintained on a regular basis. The plans will be periodically tested and documented including clear guidelines on how this should be carried out. 3.5 Change Management All changes to software and hardware systems will be subject to a comprehensive change management process. Borders College 19/10/12 3 Working Together

4 Major changes will be subject to a formal project management methodology and will include (but not limited to) full options appraisal, resource requirements, risks and constraints, control, reporting, stakeholders, project organisational structure and responsibilities. Systems testing (including User Acceptance Testing) will be carried out and the results documented and signed off prior to implementation of live changes. Changes will be managed in such a way as to ensure that, wherever possible, the networks, systems and services availability to users is maintained throughout the process and that information is processed and transferred correctly, preserving its integrity. 3.6 Detecting and responding to information security incidents A register of incidents will be maintained and reviewed on a regular basis. All such evidence will be collected in a methodical and consistent manner to ensure risk of repeat faults is minimised. Reports will give full account of incident and actions taken. Faults will be reported to the ICT Strategy Group and, where there has been significant adverse effect or where a risk remains, to the College Senior Management Team. 3.7 Audit and Compliance The ICT systems, including infrastructure, data integrity and management, change management, disaster recovery, replacement scheduling, end user services, policies, practices and procedure will be subject to inclusion in the College s internal audit programme. Borders College 19/10/12 4 Working Together

5 4. Responsibilities 4.1 The Finance and General Purposes committee is responsible for agreeing the Policy. 4.2 The Director of Finance and Resources is responsible for the implementation of the Policy. 4.3 The ICT Manager is responsible for all aspects of system security, including:- Procedures for Systems and Network Administration Use of Electronic Communication Systems Internet and Remote connections Ethics and Application Use User identification and accountability Authentication Access control 4.4 All staff and students are responsible for adhering to the Policy. All breaches of computer security must be referred to the ICT Manager. 5. Related Procedural Documents Data Protection Policy Data Protection Act 1998 Disciplinary Policy and Procedures Whistle Blowing Policy 6. Review This Policy will be reviewed every 2 years or more regularly as circumstances dictate. Borders College 19/10/12 5 Working Together

6 Status: Approved by the JCC Policy Committee Policy Dated: May 2012 Author: ICT Manager Review Date: May 2014 Equality Impact Assessed: N/A Borders College 19/10/12 6 Working Together

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

INFORMATION SECURITY MANAGEMENT POLICY

INFORMATION SECURITY MANAGEMENT POLICY INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

Dene Community School of Technology Staff Acceptable Use Policy

Dene Community School of Technology Staff Acceptable Use Policy Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,

More information

ICT Student Usage Policy

ICT Student Usage Policy ICT Student Usage Policy Document status Document owner Vice Principal Finance and Resources Document author IT Manager Document type Policy Date of document January 2015 Version number 04 Review requirements

More information

Information Security Policy

Information Security Policy Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

P01 - Information Security Policy

<COMPANY> P01 - Information Security Policy P01 - Information Security Policy Document Reference P01 - Information Security Policy Date 30th September 2014 Document Status Final Version 3.0 Revision History 1.0 09 November 2009: Initial release.

More information

43: DATA SECURITY POLICY

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

Telephone Acceptable Use Policy (ISP05)

Telephone Acceptable Use Policy (ISP05) Telephone Acceptable Use Policy (ISP05) Issue Date: December 2014 Version 3 Document Control 3 1. Policy Statement 4 2. Introduction 4 3. Responsibilities 4 4. Breach of Policy 5 5. Service Standards:

More information

METRO REGIONAL GOVERNMENT Records Retention Schedule

METRO REGIONAL GOVERNMENT Records Retention Schedule Program: Administration IS Administration provides strategic planning, direction, and central management oversight of the Information Services that includes the following programs: Desktop Support Services,

More information

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES Version 3.0 17/05/2012 CONTENTS 1. Introduction and Scope... 3 2. Data Protection Act 1998... 4 3. Licence Registration and Prevention of Piracy...

More information

JOB AND PERSON SPECIFICATION

JOB AND PERSON SPECIFICATION JOB AND PERSON SPECIFICATION Position Title: Help Desk Officer Classification Code: ASO-3 Division: Central Northern Adelaide Health Service Branch: The Queen Elizabeth Hospital Type of Appointment: Section:

More information

Managing internet security

Managing internet security Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further

More information

School Admin Network Support. Specialist telephone, remote and scheduled onsite support for the school admin network.

School Admin Network Support. Specialist telephone, remote and scheduled onsite support for the school admin network. School Admin Network Support. Specialist telephone, remote and scheduled onsite support for the school admin network. Introducing school admin network support. In addition to our scheduled onsite technical

More information

MANAGED SERVICE PROVIDER (MSP) PROGRAM

MANAGED SERVICE PROVIDER (MSP) PROGRAM MANAGED SERVICE PROVIDER (MSP) PROGRAM SECURITY POLICY FOR DATA MANAGEMENT AND PERSONNEL JUNE, 2001 6991 E. Camelback Rd, Suite B-265 * Scottsdale, AZ 85251 * 877-675-0080 * Fax: 480-675-0090 TABLE OF

More information

UTC Cambridge ICT Policy

UTC Cambridge ICT Policy UTC Cambridge ICT Policy Lead member of SLT: Designated Governor: Staff Member: Principal TBC Lead IT & Telecommunication Technician Contents Introduction Scope Purpose Monitoring of college systems Prohibitions

More information

Remote Network Monitoring. A specialist remote network infrastructure monitoring solution for the UK education sector.

Remote Network Monitoring. A specialist remote network infrastructure monitoring solution for the UK education sector. Remote Network Monitoring. A specialist remote network infrastructure monitoring solution for the UK education sector. Keeping a watchful eye over your schools network infrastructure. Our ICT introduces

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control

More information

Information for Management of a Service Organization

Information for Management of a Service Organization Information for Management of a Service Organization Copyright 2011 American Institute of Certified Public Accountants, Inc. New York, NY 10036-8775 All rights reserved. For information about the procedure

More information

Decision on adequate information system management. (Official Gazette 37/2010)

Decision on adequate information system management. (Official Gazette 37/2010) Decision on adequate information system management (Official Gazette 37/2010) Pursuant to Article 161, paragraph (1), item (3) of the Credit Institutions Act (Official Gazette 117/2008, 74/2009 and 153/2009)

More information

Security Whitepaper: ivvy Products

Security Whitepaper: ivvy Products Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security

More information

Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences

Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences July 2015 1 Introduction 1.1 This July 2015 advice is updated from the previously

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information

The Anglia Revenues Partnership

The Anglia Revenues Partnership The Anglia Revenues Partnership Housing and Council Tax Benefit Telephone Claims Call Recording Policy Benefits Service Author: Sharon Jones 13 December 2012 Page 1 of 8 Housing and Council Tax Benefit

More information

Information Technology Policy and Procedures

Information Technology Policy and Procedures Information Technology Policy and Procedures Responsible Officer Author Ben Bennett, Business Planning & Resources Director Policy Development Group Date effective from April 2005 Date last amended February

More information

III. RESPONSIBILITIES

III. RESPONSIBILITIES Issued by: Calvin O. Butts, III, President Effective Date: September 23, 2013 Page 1 of 5 I. POLICY & SCOPE This is the SUNY College at Old Westbury policy on College-provided access to electronic information

More information

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014 Internet Acceptable Use Policy A council-wide information management policy Version 1.5 June 2014 Copyright Notification Copyright London Borough of Islington 20134This document is distributed under the

More information

Marist College. Information Security Policy

Marist College. Information Security Policy Marist College Information Security Policy February 2005 INTRODUCTION... 3 PURPOSE OF INFORMATION SECURITY POLICY... 3 INFORMATION SECURITY - DEFINITION... 4 APPLICABILITY... 4 ROLES AND RESPONSIBILITIES...

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Information Security Policy. Policy and Procedures

Information Security Policy. Policy and Procedures Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable

More information

Network Security: Policies and Guidelines for Effective Network Management

Network Security: Policies and Guidelines for Effective Network Management Network Security: Policies and Guidelines for Effective Network Management Department of Electrical and Computer Engineering, Federal University of Technology, Minna, Nigeria. jgkolo@gmail.com, usdauda@gmail.com

More information

THE LONG EATON SCHOOL

THE LONG EATON SCHOOL THE LONG EATON SCHOOL ICT Security Policy Rules, expectations and advice for students APPROVED BY GOVERNORS: Student ICT Policy Introduction Educational establishments are using computer facilities more

More information

Blacklisting Procedure

Blacklisting Procedure Blacklisting Procedure Related Policy ICT Services and Facilities Use Policy Responsible Approved by Approved and commenced August, 2014 Review by August, 2017 Responsible Organisational Unit Information

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT

OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT GENERAL DISTRIBUTION OCDE/GD(95)115 OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT THE APPLICATION OF THE PRINCIPLES OF GLP TO COMPUTERISED

More information

Caldwell Community College and Technical Institute

Caldwell Community College and Technical Institute Caldwell Community College and Technical Institute Student Computer Usage Policies and Procedures I. Campus Computer Usage Overview: The purpose of this document is to define the policies and procedures

More information

Our School Backup A trusted, safe and secure remote backup solution for the UK education sector.

Our School Backup A trusted, safe and secure remote backup solution for the UK education sector. Our School Backup A trusted, safe and secure remote backup solution for the UK education sector. A trusted, safe and secure remote data backup solution for schools. Our ICT presents Our School Backup,

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

School Information Security Policy

School Information Security Policy School Information Security Policy Created By: Newport Education Service Date Created: 22 December 2009 Version: V1.0 Contents Background... 3 IT Infrastructure... 3 IT Access... 3 Acceptable use policy...

More information

Vodafone Cloud Storage

Vodafone Cloud Storage Vodafone Cloud Storage Overview Vodafone Cloud Storage gives you another, more flexible way to store data. It s available on G-Cloud and it s: Flexible you can decide how and where to store your data Fast

More information

CloudDesk - Security in the Cloud INFORMATION

CloudDesk - Security in the Cloud INFORMATION CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES

More information

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13. Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

More information

NETWORK SECURITY GUIDELINES

NETWORK SECURITY GUIDELINES NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus

More information

RS Official Gazette, No 23/2013 and 113/2013

RS Official Gazette, No 23/2013 and 113/2013 RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005

More information

INFORMATION SECURITY OVERVIEW

INFORMATION SECURITY OVERVIEW INFORMATION SECURITY OVERVIEW December 2003 TABLE OF CONTENTS 1 INTRODUCTION... 1 1.1 SECURITY POLICY HIGHLIGHTS... 1 1.1.1 INFORMATION SECURITY POLICY RECAP... 1 1.1.2 NETWORK POLICY RECAP... 2 1.2 COMPUTER

More information

Keyfort Cloud Services (KCS)

Keyfort Cloud Services (KCS) Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency

More information

Working Together Aiming High!

Working Together Aiming High! Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.

More information

BAND: 5. 37½ hours per week 1. JOB SUMMARY

BAND: 5. 37½ hours per week 1. JOB SUMMARY POST TITLE: Software Developer BAND: 5 HOURS: ACCOUNTABLE TO: LOCATION: 37½ hours per week Head of Informatics Programme Mamhilad 1. JOB SUMMARY Reporting to Software Development Manager, the post holder

More information

The Thomas Hardye School Bring Your Own Device to School (BYOD) Policy for Students

The Thomas Hardye School Bring Your Own Device to School (BYOD) Policy for Students The Thomas Hardye School Bring Your Own Device to School (BYOD) Policy for Students Adopted by Personnel & Resources Committee 1 st September 2014 Review date: 31 st August 2015 Signed by Chair:. CONTENTS

More information

Information & Communication Technology Strategy 2012-15

Information & Communication Technology Strategy 2012-15 Information & Communication Technology Strategy 2012-15 Information & Communication Technology (ICT) 2 Our Vision To provide a contemporary and integrated technological environment, which sustains and

More information

Please Note: Temporary Graduate 485 skills assessments applicants should only apply for ANZSCO codes listed in the Skilled Occupation List above.

Please Note: Temporary Graduate 485 skills assessments applicants should only apply for ANZSCO codes listed in the Skilled Occupation List above. ANZSCO Descriptions This ANZSCO description document has been created to assist applicants in nominating an occupation for an ICT skill assessment application. The document lists all the ANZSCO codes that

More information

Information Security Controls for Website Development and Hosting

Information Security Controls for Website Development and Hosting Information Security Controls for Website Development and Hosting Version: 1.0 Author: ictqatar Classification: Internal Date of Issue: 18 th August 2011 Information Security Controls for Website Hosting

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Hosted / Cloud PBX Terms and Conditions. Anttel Communications Group Pty Ltd. Hosted / Cloud PBX Terms and Conditions

Hosted / Cloud PBX Terms and Conditions. Anttel Communications Group Pty Ltd. Hosted / Cloud PBX Terms and Conditions Hosted / Cloud PBX Terms and Conditions Anttel Communications Group Pty Ltd Hosted / Cloud PBX Terms and Conditions A. Anttel Communications Group Pty Ltd ( Anttel ) is a telecommunications provider and

More information

Firewall Administration and Management

Firewall Administration and Management Firewall Administration and Management Preventing unauthorised access and costly breaches G-Cloud 5 Service Definition CONTENTS Overview of Service... 2 Protects Systems and data... 2 Optimise firewall

More information

POLICY ON USE OF INTERNET AND EMAIL

POLICY ON USE OF INTERNET AND EMAIL POLICY ON USE OF INTERNET AND EMAIL OVERVIEW Public sector employees are accountable for their use and management of all public resources including the use of services such as the Internet and electronic

More information

Berwick Academy Policy on E Safety

Berwick Academy Policy on E Safety Berwick Academy Policy on E Safety Overview The purpose of this document is to describe the rules and guidance associated with E Safety and the procedures to be followed in the event of an E Safety incident

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

Bring Your Own Device (BYOD) Policy

Bring Your Own Device (BYOD) Policy Bring Your Own Device (BYOD) Policy Version: 1.0 Last Amendment: N/A Approved by: Executive Committee Policy owner/sponsor: Director, Digital Library Services and CIO Policy Contact Officer: Manager, ICT

More information

Review of Education and Training on Law Enforcement Data Security in Victoria Police. March 2008 Commissioner for Law Enforcement Data Security

Review of Education and Training on Law Enforcement Data Security in Victoria Police. March 2008 Commissioner for Law Enforcement Data Security Review of Education and Training on Law Enforcement Data Security in Victoria Police March 2008 Commissioner for Law Enforcement Data Security Acknowledgement This report was prepared for the Commissioner

More information

Southern Law Center Law Center Policy #IT0004. Title: Email Policy

Southern Law Center Law Center Policy #IT0004. Title: Email Policy Southern Law Center Law Center Policy #IT0004 Title: Email Policy Authority: Department Original Adoption: 7/20/2007 Effective Date: 7/20/2007 Last Revision: 9/17/2012 1.0 Purpose: To provide members of

More information

Information technology Security techniques Code of practice for information security controls

Information technology Security techniques Code of practice for information security controls INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Bring Your Own Device 2015 Parent information evening

Bring Your Own Device 2015 Parent information evening Parent information evening Why BYOD? It s not about the tools - It s about using the tools to facilitate learning Research studies from the US and Canada show a significant increase in the level of student

More information

Committee on Payments and Market Infrastructures. Board of the International Organization of Securities Commissions

Committee on Payments and Market Infrastructures. Board of the International Organization of Securities Commissions Committee on Payments and Market Infrastructures Board of the International Organization of Securities Commissions Principles for financial market infrastructures: Assessment methodology for the oversight

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

Cloud Consultancy for Schools. Professional Cloud Adoption Consultancy services for the UK education sector.

Cloud Consultancy for Schools. Professional Cloud Adoption Consultancy services for the UK education sector. Cloud Consultancy for Schools. Professional Cloud Adoption Consultancy services for the UK education sector. Introduction. As schools continue to embrace cloud computing throughout 2015, the number of

More information

2.2 If employees or Board Members wish to use mobile telephones or data devices provided by the Group for personal use they may opt to either:

2.2 If employees or Board Members wish to use mobile telephones or data devices provided by the Group for personal use they may opt to either: POLICY Use of Electronic Communication Systems Date: July 2011 1. Policy Statement 1.1 This policy aims to inform staff of The Housing Plus Group s views on use of its telephone systems, mobile phones,

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

TECHNOLOGY ACCEPTABLE USE POLICY

TECHNOLOGY ACCEPTABLE USE POLICY Policy Statement TECHNOLOGY ACCEPTABLE USE POLICY Reason for Policy/Purpose The purpose of this policy is to provide guidelines to the acceptable and ethical behavior that guides use of information and

More information

COMPUTER, INTERNET, & EMAIL USE POLICY

COMPUTER, INTERNET, & EMAIL USE POLICY COMPUTER, INTERNET, & EMAIL USE POLICY SECTION ONE. PURPOSE A. To remain competitive, better serve our Students and provide our employees with the best tools to do their jobs, Jersey City Global Charter

More information

Hong Kong Baptist University

Hong Kong Baptist University Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy 1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines

More information

Assistant Director of Facilities

Assistant Director of Facilities Policy Title ID Number Scope Status Reviewed By IT Security Policy P04001 All Users Policy Assistant Director of Facilities Reviewed Date January 2011 Last Reviewed Due for Review January 2013 Impact Assessment

More information

1B1 SECURITY RESPONSIBILITY

1B1 SECURITY RESPONSIBILITY (ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,

More information

BRIEFING PAPER UNIVERSITY GREY USER IDENTITY MANAGEMENT

BRIEFING PAPER UNIVERSITY GREY USER IDENTITY MANAGEMENT BRIEFING PAPER UNIVERSITY GREY USER IDENTITY MANAGEMENT UNIVERSITY GREY USER IDENTITY MANAGEMENT TABLE OF CONTENTS 1. INTRODUCTION... 1 2. COMMON IDENTITY MANAGEMENT ISSUES... 2 3. THE ROLE OF IT DEPARTMENTS

More information

LEEMING SENIOR HIGH SCHOOL. Bring Your Own Device Information and Policy 2015

LEEMING SENIOR HIGH SCHOOL. Bring Your Own Device Information and Policy 2015 LEEMING SENIOR HIGH SCHOOL Bring Your Own Device Information and Policy 2015 1 1 Dear Parent/Guardian Since the ending of the Federal Government s Digital Education Revolution funding, Leeming SHS can

More information

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector Public Sector Internal Audit Standards Applying the IIA International Standards to the UK Public Sector Issued by the Relevant Internal Audit Standard Setters: In collaboration with: Public Sector Internal

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

Audit, Risk Management and Compliance Sky Supplier Security Standard V2.9. Supplier Security Standard v2.9

Audit, Risk Management and Compliance Sky Supplier Security Standard V2.9. Supplier Security Standard v2.9 Supplier Security Standard v2.9 Introduction Sky operates in an environment of significant legislative, regulatory and industry standards compliance requirements and must have continued assurance that

More information

University of York Policy on the Management of Debit/ Credit Card Data

University of York Policy on the Management of Debit/ Credit Card Data University of York Policy on the Management of Debit/ Credit Card Data Version 1.0 25th February 2015 Index 1 Introduction and Policy Statement 1.1 The Payment Card Industry Data Security Standard (PCI

More information

VoIP Telephony for Schools. The deployment and ongoing support of VoIP solutions for the UK education sector.

VoIP Telephony for Schools. The deployment and ongoing support of VoIP solutions for the UK education sector. VoIP Telephony for Schools. The deployment and ongoing support of VoIP solutions for the UK education sector. The future of voice communication for education. Together with our partners at New Star Networks,

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

NSW Government. Cloud Services Policy and Guidelines

NSW Government. Cloud Services Policy and Guidelines NSW Government Cloud Services Policy and Guidelines August 2013 1 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4

More information

16 Electronic health information management systems

16 Electronic health information management systems 16 Electronic health information management systems Section 16: Electronic information management systems The continued expansion and growth in global technologies is aiding the development of many new

More information