CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd
CCTM IA CLAIMS DOCUMENT (ICD)
Data Eliminate Ltd
DESTRUCTION OF DATA ON HARD DRIVES, COMPUTER STORAGE MEDIA AND HANDHELD DEVICES INCORPORATING WEEE RECYCLING MANAGEMENT
Version 1

VENDOR DETAILS
Data Eliminate Ltd
107 Fleet Street, London EC4A 2AB
Telephone Number:
info@dataeliminate.com
Website:

TEST LABORATORY DETAILS
SiVenture
Unit 6, Cordwallis Park, Clivemont Road, Maidenhead, Berks SL6 7BU
Telephone Number:
john.walker@siventure.com
Website:

CCTM Application Reference Number: V032/0003
CCTM Maintenance Application only: NA
ICD Reference Number: ONY2-CD-0002
ICD Version Number: 1.3
ICD Date: 15 April 2011
ICD Author: Julian Fraser

CONTACT POINT FOR TECHNICAL QUERIES ON THE ICD
Contact Name: Julian Fraser
Contact Address: info@dataeliminate.com
Telephone Number:

CERTIFICATE DETAILS
The table will be on the front cover of the Final ICD when this is published on the CCTM Website.
CCTM Certificate Number: 2011/04/0096
CCTM Awarded on: 05 May 2011
CCTM Award Expires on: 04 May 2012
ICD Issue Date: 05 May 2011
TABLE OF CONTENTS

1 INTRODUCTION
- Background
- Objectives
- Purpose of Document
- Structure
2 IS SERVICE DESCRIPTION
- Service Identification
- Service Overview
- Usage assumptions
3 CCTM CLAIMS FOR THE IS PRODUCT OR SERVICE
- Claims Statements
- Existing assurance certificates
- Test Approach

15 April 2011 Version 1-3 Page 3 of 11
1 INTRODUCTION

1.1 Background
This document outlines the IA claims made by Data Eliminate Limited in regard to the suitability of Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management for use by the UK Public Sector and other users for ensuring data has been securely destroyed on end of life computer and data storage equipment. Data Eliminate helps customers to meet those challenges. The service incorporates a selection of destruction methods including magnetic media degaussing, physical destruction by shredding and secure data overwriting.

1.2 Objectives
The objectives of this document are to enable testing and verification under the CCT Mark scheme.

1.3 Purpose of Document
This document is the ICD for Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management. This ICD is the baseline document for the CCTM Claims Test of Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management.

1.4 Structure
The structure of this ICD is as follows:
- Section 1 (this section) contains the introductory material.
- Section 2 contains the description of functionality of Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management and all the information related to the security of Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management.
- Section 3 details the security functionality claims that are being made.
2 IS SERVICE DESCRIPTION

2.1 Service Identification
Product or Service Name: Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management
Version: 1
Period of Assessment: January 2011 December

Service Overview
Clients may select from a list of service options including:
- Degaussing of hard disk drives and magnetic media such as data tape using products that are certified by CESG under IS(5) at the lower level and are considered capable of purging data up to and including IL3 (Restricted).
- Physical destruction by shredding of all media. This includes media such as hard disks, data tapes, CDs and DVDs, and handheld devices such as PDAs and mobile phones.
- Data Overwriting using software certified by CESG under Infosec Standard 5 at the higher level (customers should refer to the latest version of IS5 for details of how higher level overwriting products may be used to destroy data at IL3 and above). Blancco or Kroll overwriting products are used. It should be noted that under the CCTM scheme, data at IL4 and above is considered out of scope and that sanitisation of data is only valid for data up to and including IL3.
- On-site or off-site destruction. The client can choose to have on-site destruction at their own location or have classified material securely transported to Data Eliminate's secure destruction facility. Data Eliminate provides secure transport of media and of residue/waste after destruction as necessary.
- The recording of the details of processed data storage items for audit and asset tracking purposes. Details recorded can include but are not limited to serial number, make, model and asset number.
- A WEEE compliant disposal service of data storage media and other computer and electronic equipment.

The process followed is below:
1. Clients will contact Data Eliminate to procure The Service. The client's requirements and best practice as per IS5 will determine the appropriate service option(s).
2. Where degaussing is required by the client, Data Eliminate will deploy an engineer to the customer's premises with degaussing equipment. The degausser is certified as compliant with the lower degaussing standard and therefore is deemed to be capable of purging data classified up to and including IL3 (restricted).
3. Where physical destruction is required by the client, Data Eliminate will deploy equipment that is capable of destroying data protectively marked up to IL2 (protect). If data at IL3 is to be destroyed, it is necessary to combine physical destruction with the overwriting and/or degaussing service options.
4. Where WEEE recycling is required by the client, Data Eliminate engineer(s) will remove waste and residue from the destruction location. Such waste will be handled and disposed of in line with WEEE Directive. After disposal, a Waste Transfer Note or Hazardous Waste Consignment Note will be issued to the client.
5. At the time of service provision or shortly afterwards, Data Eliminate will provide the client with a certificate of data destruction. This certificate will record job execution date, the name of the senior engineer present, the name of the client's witness and details of items processed including serial number, make, model and asset number as required by the client. The certificate provides an audit record and proof of compliance as may be required by the client.

Security architecture
Not applicable

Hardware requirements
The service uses a mobile degausser. The type used is made by Verity Systems Ltd and the model is SV91 M.

Software requirements
Not applicable

Out of Scope
The Service is intended to destroy data up to and including IL3 (restricted). Data with a higher impact level is not covered under the CCTM scheme.
If shredding of media is selected without prior degaussing or overwriting, then the service is only capable of destroying data up to IL2. Data marked as IL3 must be destroyed by degaussing or overwriting to render the media unclassified.

2.3 Usage assumptions

Assets
- Hard disk drives (desktop, laptop, server, and solid state based drives)
- Disks (CD, DVD, Floppy, and zip disks), tapes (DAT, DLT, LTO, Audio, and Video)
- Portable storage devices (memory sticks, memory pens, memory cards, and flash based devices)
- Mobile telephony devices (PDA and Smartphone)

Threat scenario
Threats to assets which are countered are the theft, accidental loss or unauthorised disclosure of personal or operational data.

Expected operational environment
The service can be provided at a location of the client's choosing or at Data Eliminate's secure destruction facility.

Organisational security policies
The service helps the customer to comply with:
- HMG Security Policy Framework V1.0 (SPF70) December 2008 Mandatory Requirement 45
- Code of Connection for the GSI
- Socitm Data Handling Guidelines, Nov 2008
- Security policies related to ISO controls Data protection and privacy of personal information.
- The United States Sarbanes Oxley Act.
In addition, users will be able to comply with NHS SyOp 7.13, the Data Protection Act and generally provide protection against identity and data theft.

Security requirements on the environment
It is the customer's responsibility to provide a secure environment in which the on-site Service can be performed. This should be done in line with their own security policies and procedures. The Service can then be carried out within the secure environment provided by the customer.
3 CCTM CLAIMS FOR THE IS PRODUCT OR SERVICE

3.1 Claims Statements

Unique Ref / Claims statements

1. Data Eliminate Ltd operates an Integrated Management System (IMS) covering Operations within the company's offices, on site and off site secure data destruction services, and the management of recycling of IT equipment. The IMS is independently audited by UKAS certified inspectors, NQA, and incorporates the following international standards:
   - ISO 27001:2005 Information Security Management System
   - ISO 14001:2004 Environmental Management System
   - ISO 9001:2008 Quality Management System
2. Data Eliminate manages the recycling and disposal of WEEE in line with the WEEE Directive and is registered with the Environment Agency as a Licensed Waste Carrier and Broker under Certificate Number CB/XN5315VV. Waste Transfer Notes are provided as appropriate.
3. Data Eliminate provides an Overwriting Service for computer hard drives. The service erases data with a protective marking of RESTRICTED or below using software approved for this purpose by CESG.
4. Data Eliminate provides a Degaussing Service for hard drives and magnetic storage media using equipment approved for this purpose by CESG. The service erases data with a protective marking of RESTRICTED or below in compliance with the CESG Lower Level Degaussing Standard.
5. Data Eliminate provides a vehicle-based mobile Shredding Service which is delivered at the customer's premises (or otherwise as specified by the customer). The vehicle is self-powered and self-contained.
6. The Shredding Service shreds and physically destroys hard disk drives, disks, tapes, portable storage devices and mobile telephony devices to ensure that each item is inoperable and destroyed using commercial best practice. The Shredding Service must be used in conjunction with degaussing and/or overwriting to reduce data protectively marked as IL3 to unclassified.
7. Data Eliminate staff count and record the data storage items identified for processing before destruction begins. The client can witness the entire process including counting, recording and destruction.
8. The data destruction services are available at a location specified by the customer (on-site) or at Data Eliminate's own secure facility (off-site).
9. The customer is provided with a certificate of data destruction at the time of destruction or shortly afterwards. This provides details of the media destroyed including media type and serial number (where available), date destroyed, by whom it is destroyed and by whom the destruction process is witnessed.
10. Data Eliminate will provide secure transport of all media and equipment between sites as required. This transport is approved for carrying material up to and including IL3.
11. Data Eliminate will use staff who are at a minimum BPSS cleared, and deemed capable of handling IL3 material. Staff are fully trained in the use of the equipment.

3.2 Existing assurance certificates
The Verity SV9IM degaussing unit used in this service for data destruction complies with the CESG Lower Level Degaussing standard [CESG]. This was originally approved against the SEAP 8500 degaussing standard. Under S(E)N 06/09, degaussers which have been certified as meeting SEAP 8500 will automatically be considered to meet the CESG lower level degaussing standard. See the CESG website for further information: ( displaypage=152&id=287 )

Blancco 4.8 HMG is approved at both Lower and Higher Overwriting Standards (refer to HMG Infosec Standard 5). Blancco 4.8 HMG is approved for UK Government use. isplaypage=152&id=442

Kroll Ontrack Eraser Version 3.0 is approved at the Lower Level and the Higher Level Overwriting Standards (refer to HMG Infosec Standard 5). isplaypage=152&id=
ANNEX A GLOSSARY OF TERMS

Term: Meaning
- CCT Mark: CESG Claims Tested Mark
- CD: Compact Disk
- CESG: Communications-Electronics Security Group
- DVD: Digital Versatile Disk
- EU: European Union
- HDD: Hard Disk Drive
- HMG: Her Majesty's Government
- IA: Information Assurance
- IL: Impact Level
- IS: InfoSec Standard
- IT: Information Technology
- ICD: Information Assurance Claims Document
- LTO: Linear tape open (magnetic tape media)
- NHS: National Health Service
- PDA: Personal Digital Assistant
- SDLT: Super Digital Linear Tape
- SEAP: Security Equipment Assessment Panel
- UK: United Kingdom
- WEEE: EU directive on Waste Electrical and Electronic Equipment
ANNEX B MARKETING STATEMENT TO BE USED (IF THE CLAIM IS SUCCESSFUL)

The service provides a secure and convenient way for public sector organisations to destroy data held on hard drives and storage media and meet their obligations under:
- The Security Policy Framework Mandatory Requirement 45 Secure Disposal for IT Equipment,
- The Code of Connection (CoCo for Local Authorities),
- UK and EU Data Protection Legislation including the Data Protection Act.

Service features and options include:
- On-site and off-site service provision
- Shredding, degaussing of magnetic media or secure overwriting
- Environmental recycling of media and IT equipment
- Serial numbered asset-tracking
- Destruction Certificates and Waste Transfer Notes

Data Eliminate Ltd operates an Integrated Management System (IMS) independently audited by UKAS certified inspectors incorporating:
- ISO 27001:2005 Information Security Management System
- ISO 14001:2004 Environmental Management System
- ISO 9001:2008 Quality Management System

For this CCT Mark Service no security claims are made for media marked at IL4 or above.

**End of Document**
More informationMobile Phone Device Policy
Version 2.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationCredit Card Processing and Security Policy
Credit Card Processing and Security Policy Policy Number: Reserved for future use Responsible Official: Vice President of Administration and Finance Responsible Office: Student Account Services Effective
More informationSECURITY POLICIES AND PROCEDURES
2014 WorldEscrow N.V./S.A. SECURITY POLICIES AND PROCEDURES This document describes internal security rules within the WorldEscrow N.V./S.A. organization. Content 1) Employee Responsibilities... 1 2) Use
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationMedia Disposition and Sanitation Procedure
Media Disposition and Sanitation Procedure Revision History Version Date Editor Nature of Change 1.0 11/14/06 Kelly Matt Initial Release Table of Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope...
More informationShredding. Security. Recycling
Shredding Security Recycling WHO WE ARE PHS Datashred has the knowledge, capability and experience to ensure the safe and secure disposal of your confidential material. Trusted by over a third of FTSE
More informationCourse: Information Security Management in e-governance
Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security
More informationAngard Acceptable Use Policy
Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants
More informationPCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
More informationEnterprise Information Security Procedures
GHL Network Services Ltd Enterprise Information Security Procedures Prepared By Nigel Gardner Date 16/11/09 1 Contents 1. Openwork s Information Security Policy...3 2. Enterprise Information Security Procedures...3
More informationSolid-State Drives with Self-Encryption: Solidly Secure
Solid-State Drives with Self-Encryption: Solidly Secure 09/22/2011 Michael Willett Storage Security Strategist SAMSUNG SOLID STATE DRIVES Solid-State Drives SSD ADVANTAGES SOLID STATE DRIVES Save $$ on
More informationScotland s Commissioner for Children and Young People Records Management Policy
Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives
More informationHIPAA Training for Staff and Volunteers
HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help
More informationDefense Logistics Agency. Turn-in Guidance for Disposition of Unclassified Computer Hard Drives
Defense Logistics Agency Turn-in Guidance for Disposition of Unclassified Computer Hard Drives 1 Foreword It is very important to check all your computer equipment and property prior to turn-in to the
More informationData Security Policy
Policy Number: Revision Number: 0 QP1.44 Date of issue: March 2009 Status: Approved Date of approval: April 2009 Responsibility for policy: Responsibility for implementation: Responsibility for review:
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationThe nation s largest privately held records and information management company
The nation s largest privately held records and information management company Our mission is clear: to lead the records and information management industry by providing our clients the very best service.
More informationIndustry Security Notice
Industry Security Notice Number 2010 / 01 Subject: Handling MOD Personal Data Introduction: 1. This Industry Security Notice reiterates policy and clarifies guidance on the Protective Marking, Impact Levels,
More informationA guide to our recycling And waste management services
A guide to our recycling And waste management services SITA UK provides recycling and waste management services for more than 40,000 organisations across the UK These organisations choose SITA UK because
More informationEncryption Policy Version 3.0
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationOctober 2015 Issue No: 1.1. Security Procedures Windows Server 2012 Hyper-V
October 2015 Issue No: 1.1 Security Procedures Windows Server 2012 Hyper-V Security Procedures Windows Server 2012 Hyper-V Issue No: 1.1 October 2015 This document describes the manner in which this product
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationInformation Security Policy
Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect
More informationLSE PCI-DSS Cardholder Data Environments Information Security Policy
LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project
More information2.2 Access to ICT resources at the Belfast Metropolitan College is a privilege, not a right, and all users must act honestly and responsibly.
1 Purpose The purpose of this document is to set out the College's policy and provide guidance relating to the responsible use of the College's ICT resources and systems. 2 General 2.1 Belfast Metropolitan
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review
More informationSecure Data Destruction
Secure Data Destruction Secure Data Elimination (Degauss) Onsite Magnetic Degaussing service eliminates data from Tape and Magnetic Hard Disk media Portable machines allow for degaussing to be competed
More informationIT Heath Check Scoping guidance ALPHA DRAFT
IT Heath Check Scoping guidance ALPHA DRAFT Version 0.1 November 2014 Document Information Project Name: ITHC Guidance Prepared By: Mark Brett CLAS Consultant Document Version No: 0.1 Title: ITHC Guidance
More informationHIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as
HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the
More information