MAJOR PROJECTS CONSTRUCTION SAFETY STANDARD HS-09 Revision 0


MAJOR PROJECTS CONSTRUCTION SAFETY
SECURITY MANAGEMENT PROGRAM STANDARD HS-09

Document Owner(s): Tom Munro
Project/Organization Role: Supervisor, Major Projects Safety & Security (Canada)

Version Control:

Version | Date | Author | Change Description
Rev. 0 | June 13, 2008 | Tom Munro | Originating Document

CONTENTS

1.0 PURPOSE
    Security Governance
SCOPE
RESPONSIBILITIES
    Major Projects Safety Department
    Major Projects Safety Coordinator
    Project Management (Off-Site)
    Project Management (Site)
    Project Craft Inspection Staff
    Project Safety Inspection Staff
REFERENCES
DEFINITIONS & ABBREVIATIONS
    Definitions
    Abbreviations
STANDARDS
    Security Management Program
    Security Risk Management
    Security Incident Management
    Physical Security
    Site Specific Security Plan Requirements
    Change Management Process
    Validation and Evaluation
ATTACHMENTS

1.0 PURPOSE

Security Governance

The Enbridge Major Projects Security Plan is intended to reduce the vulnerability of employees, contractors, and facilities to security threats. Security governance involves setting organization-wide policies and procedures that define how the Security Management Plan should be appropriately integrated into the overall management systems of Enbridge and the Prime Contractor. Security governance includes management commitment and accountability. Security Policies and Procedures provide clear direction, commitment, responsibility, oversight and define the security environment for Enbridge and the Prime Contractor.

2.0 SCOPE

This Standard applies to all Enbridge Major Projects.

3.0 RESPONSIBILITIES

3.1 Major Projects Safety Department
- Make provisions for continuous improvement, oversight, and review of the construction Security Management Program.
- Develop and maintain Standards and Templates that provide clear direction, accountability, and oversight for the construction Security Management Plans.
- Review the Project Security Management Plan prior to distribution.

3.2 Major Projects Safety Coordinator
- Coordinate the development of the Project Security Management Plan by Enbridge Project Management.

3.3 Project Management (Off-Site)
- Ensure full implementation of all provisions of the Enbridge Inc. Enterprise Security Policy.
- Verify a Project Security Management Plan is developed for each project.
- Review the Project Security Management Plan prior to distribution.
- Verify that the project is compliant with the standards contained within the Project Security Management Plan through auditing and observation.
- Make available sufficient resources to provide ongoing technical support and training for the Prime Contractor in the identification and implementation of project-specific requirements pursuant to the provisions of the Security Management Program.

3.4 Project Management (Site)
- Develop and approve the Project Security Management Plan prior to mobilization.
- Complete regular revisions of the Project Security Management Plan as project conditions change.
- Make Contractors aware of the standards in the Project Security Management Plan.
- Sufficient resources to ensure that the Prime Contractor is in compliance with the overall Security Management Plan.

3.5 Project Craft Inspection Staff
- Review, implement and maintain the standards in the Project Security Management Plan.

3.6 Project Safety Inspection Staff
- Coordinate the implementation, coordination, distribution and communication of the standards in the Project Security Management Plan.
- Make certain the Project Security Management Plan is current.

4.0 REFERENCES
- Enbridge Inc. Enterprise Security Policy
- Enbridge Inc. Security Vulnerability Assessment Methodology and Physical Security Survey Guidelines
- Security Guidelines for the Petroleum Industry - American Petroleum Institute (API), 2003
- Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries - American Petroleum Institute (API)/ National Petroleum & Refiners Association, 2003
- Security Guidelines Natural Gas Industry Transmission and Distribution - Interstate Natural Gas Association of America, American Gas Association, American Public Gas Association, September 6,

DEFINITIONS AND ABBREVIATIONS

5.1 Definitions

The following definitions apply in this Standard:

Access Control
The control of persons, vehicles and materials through entrances and exits of a protected area: an aspect of security that often utilizes hardware systems and specialized procedures to control and monitor movements into, out of, and within a protected area. Access to various areas may be limited to place or time, or a combination of both.

5.1.2 Adversary
Any individual, group, organization, or government that conducts activities, or has the intention and capability to conduct activities detrimental to critical assets. An adversary could include intelligence services of host nations, or third party nations, political and terrorist groups, criminals, rogue employees, and private interests. Adversaries can include site insiders, site outsiders, or the two acting in collusion.

Alert Levels
Describes a progressive, qualitative measure of the likelihood of terrorist actions, from negligible to imminent, based on government or company intelligence information. Different fixed or variable security measures may be implemented based on the level of threat to the facility.

Asset
Any person, environment, facility, material, information, business reputation, or activity that has a positive value to an owner. The asset may have value to an adversary, as well as an owner, although the nature and magnitude of those values may differ. Assets in the SVA include the community and the environment surrounding the site.

Asset Characterization
The systematic identification and ranking of facility assets that, if destroyed or damaged due to criminal activity or other hazards, could potentially result in significant adverse consequences to the owner/operator. Asset characterization can include surrounding and supporting infrastructure.

Countermeasures
An action taken or a physical capability provided whose principal purpose is to reduce or eliminate one or more vulnerabilities. The countermeasure may also affect the threat(s) (intent and/or capability) as well as the asset's value. The cost of a countermeasure may be monetary, but may also include non-monetary costs such as reduced operational effectiveness, adverse publicity, unfavourable working conditions, and political consequences.

Critical Facilities
Systems and assets, whether physical or virtual, so vital to the company that the incapacity or destruction of such systems and assets would have a debilitating impact on people, the environment, property, or the economic viability of the company.

Critical Infrastructure
Systems and assets, whether physical or virtual, so vital to Canada that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.

5.1.9 Intrusion Detection System
A system combining mechanical or electrical components to perform the functions of sensing, controlling, and announcing unauthorized entry into areas covered by the system.

Perimeter
An outer limit or boundary that protects another area.

Physical Security
Security systems and architectural features that are intended to improve protection. Examples include fencing, doors, gates, walls, turnstiles, locks, motion detectors, vehicle barriers, and hardened glass.

Risk
The potential for damage to or loss of an asset. Risk, in the context of process security, is the potential for catastrophic outcome to be realized.

Risk Analysis
A detailed examination including risk assessment, risk evaluation, and risk management alternatives, performed to understand the nature of unwanted, negative consequences to human life, health, property, or the environment; an analytical process to provide information regarding undesirable events; the process of quantification of the probabilities and expected consequences for identified risks.

Security Governance
A documented management framework to ensure that security threats to business operations are identified and associated risks are managed with appropriate safeguards and response procedures to minimize the impact of security occurrences adversely affecting people, property, the environment and economy.

Security Management Program
An on-going process to ensure that security threats and associated risks are identified and managed with appropriate mitigation and response procedures to prevent and minimize the impact of security incidents adversely affecting people, environment, property and the economic stability.

Security Incident
A security-related occurrence or action likely to lead to death, injury, or monetary loss. An assault against an employee, customer, or supplier or company property would be one example of a security incident.

Security of Information
Information obtained or developed in the conduct of security activities.

Security Vulnerability Assessment (SVA)
A systematic, analytical process in which potential security threats and vulnerabilities to facility or system operations are identified and the likelihood and consequences of potential adverse events are determined.
NOTE: SVAs can have varying scopes and can be performed at varying levels of detail depending on the operator's objectives. For information on an industry specific SVA methodology see the American Petroleum Institute Security Guidelines for the Petroleum Industry at

Threat
Any indication of impending harm or danger, circumstance, or event with the potential to cause the loss of, or damage to an asset. Threat can also be defined as the intention and capability of an adversary to undertake actions that would be detrimental to assets. A threat can also be a declaration of an intention or determination to cause harm.

Vulnerabilities
Any weakness that can be exploited by an adversary to gain access to an asset. Vulnerabilities can include but are not limited to building characteristics, equipment properties, personnel behaviour, locations of people, equipment and buildings, or operational and personnel practices.

5.2 Abbreviations

The following abbreviations apply in this Standard:

SCADA: Supervisory Control and Data Acquisition
SMP: Security Management Program
SVA: Security Vulnerability Assessments

6.0 STANDARDS

6.1 Security Management Program

Enbridge Major Projects and the Prime Contractor shall have a documented Security Management Plan to ensure that security incidents and threats to business operations are identified and associated risks are managed with appropriate safeguards and response procedures to minimize the impact of security incidents adversely affecting people, property, the environment, or the economic viability of Enbridge and the Prime Contractor.

The requirements of this Security Management Plan are intended to be applicable to Enbridge, the Prime Contractor, and all third-party Contractors regardless of their role in a construction project. These requirements shall be integrated into the overall construction management system for Enbridge and the Prime Contractor.

The Major Projects Safety department will be responsible for the construction Security Program, including program development and oversight. Each project will be responsible for development of a Project-Specific Security Plan, and its effective implementation. The Enbridge Corporate Security department will provide specialist advice and support to Major Projects as required.

Prime Contractor Accountability

The Prime Contractor shall establish a framework of security management leadership accountability. This framework shall establish roles and responsibilities for the control, review, continuous improvement and approval of the entire Security Management Plan across pipeline and facility construction projects based on the Enbridge Security Vulnerability Assessment methodology and Physical Security survey guidelines.

Baseline Practices

The Prime Contractor should establish security governance practices that include:
a) Contracts and Agreements with external entities that address the Security Policy of the Prime Contractor with business partners and third parties.
b) Other policies and procedures, as needed to ensure coordination and integration with the Security Management Program.

6.2 Security Risk Management

General

The Risk Management process is a regimented environment which allows for proactive decision making in addressing risks to both Enbridge and the Prime Contractor. The loss or impairment of an asset is assessed systematically and regularly, and appropriate security measures are implemented and monitored. Assets are categorized into levels of importance. The Prime Contractor identifies and classifies security risks in order to develop and implement strategies and security controls to eliminate or mitigate risks to assets. Risk is continually assessed during the construction project by determining likelihood of potential threats, and impact if realized.

6.2.1 Risk Management Process

The Prime Contractor shall develop, communicate internally, and at regular intervals review/update:
a) a formal, documented Risk Management process which includes policy, purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance with regulatory requirements.
b) formal and documented procedures to ensure objectives of the Risk Management process are being achieved.

Methodology

Enbridge shall identify and implement a Security Risk Management methodology which incorporates asset characterization, threat, vulnerability and risk assessments. The methodology shall include security countermeasure strategies to eliminate or mitigate risk, with the Prime Contractor also having the ability to progressively react to security needs commensurate to the threat environment.

The methodology shall include a process for determining criticality of assets. This will include an evaluation of criticality (dependence) of each asset by taking into account people, the environment, and economic stability.

This process shall:
a) be reviewed at regular intervals and updated as necessary.
b) be linked to the threat assessment, recent security incidents having occurred, or as changes within the construction project are made.
c) identify assets and ascertain the impact to the Prime Contractor and Enbridge if any assets considered critical to the construction project are damaged, destroyed, or lost by any specific hazard, including assets considered critical to the construction project.
d) include criteria to establish levels of consequence, whereby a value is assigned to the dependence on the asset.

This process should:
a) identify and address any critical requirements, such as contractual, regulatory, or legislative requirements.
b) consider time factors if certain assets become more important at different times during the construction project.

6.2.3 Threat Assessment

Enbridge shall develop and implement a documented process to identify any current and potential threats which could result in the loss or damage to an asset. A threat assessment shall:
a) consider all relevant information from both internal and external sources.
b) be reviewed and updated at regular intervals, or as circumstances require.

6.3 Security Incident Management

General

Security Incident Management addresses the capability of the Prime Contractor to respond to security-related threats and incidents. Security Incident Management is dependent on implementing processes and procedures for incident response, monitoring, handling, reporting, and recovery. This component of the Security Management Plan shall describe or reference the site-specific security response, Emergency Response Plans, and any Business Continuity Plans where applicable.

Process

The Prime Contractor shall develop a formal, documented, Security Incident Management process that specifies how the Prime Contractor will respond to, recover from, and de-escalate security-related threats or incidents.

Planning

Security Incident Management planning shall include:
a) providing employees and third party Contractors with Security Incident Response procedures, which may include bomb threats, mail handling, suspicious packages, workplace violence, theft, securing evidence, trespassing, asset destruction, or other security-related incidents.
b) notification procedures to be followed in the event of a suspected threat and address specifically how to report the incident, who to notify, and what response should be undertaken.
c) identifying appropriate local, provincial, and federal agencies to contact in the event of a suspected security threat or incident.
d) creating a communication plan that details communications procedures, capabilities, and resources, and containing a telephone list of various contacts, including regulatory and Enbridge contacts requiring notification in a security emergency.
e) creating an incident report log and records preservation system to serve as an official record of actions and lessons learned for the post-incident review.
f) an outline on how the Prime Contractor will coordinate with other agencies, including with Enbridge, in response to a security incident.

6.3.3 Incident Documentation

The Prime Contractor shall document security-related threats and incidents which will be maintained for inspection by the appropriate local, provincial, and federal agencies, and Enbridge.

Records and Documentation

The Prime Contractor shall manage all security records and documentation for compliance to the Company's security and privacy policies, as well as appropriate legislation and regulation. The Prime Contractor shall ensure all material records and documentation; maintain a controlled auditable inventory that provides for appropriate event logging.

Incident Response

The Prime Contractor shall develop and implement a mitigation strategy that includes measures to be taken to limit or control the consequences of a security related incident.

Incident Reporting

The Prime Contractor shall develop and implement security incident reporting criteria and procedures to notify the law enforcement agency of jurisdiction, and other appropriate agencies, and Enbridge of security related incidents. All incidents will be reported following the incident reporting protocols outlined in the Construction Safety Manual.

External Reporting

Enbridge and the Prime Contractor shall follow the Suspicious Reporting Criteria provisions of the Enbridge Inc. Enterprise Security Policy. Any incident that has the potential to disrupt the schedule of the project or the integrity of the system shall be reported to the regulator immediately.

Security Threats

Enbridge and the Prime Contractor shall have a process in place to communicate to employees and on-site personnel information related to potential security threats. The Prime Contractor and Enbridge shall follow the Threat Warning Criteria as detailed in the Enbridge Security Vulnerability Assessment Methodology and Physical Security Survey Guidelines.

Evacuation Planning

The Prime Contractor shall include provisions to direct people away from the construction site, including provisions to account for personnel and visitors that have been evacuated from the construction site. All evacuation planning will be done in accordance with the Construction Safety Manual.

Investigations

The Prime Contractor, with support from Enbridge, shall develop and implement incident investigation procedures for security-related incidents.

6.4 Physical Security

Based on the security risk management process, the Prime Contractor shall consider and document decisions made with respect to the implementation of physical security measures for all phases of the construction project. The following physical security elements shall be included where appropriate, based on the risk management process:
a) fences and gates
b) appropriate signage stating "No Trespassing" should be posted, including signage at a main gate advising of a contact number for a designated construction contact
c) lighting
d) protection of critical inventory, equipment, and tools, including
   i. periodic inventories of equipment, tools, spare parts and explosives
   ii. proper locks on storage containers
   iii. key controls
   iv. anti-theft devices such as tracking systems and theft prevention locks on all pieces of heavy equipment
   v. weld the Prime Contractor company name and phone number on buckets, boom and frames of heavy equipment
   vi. wheel lock systems to prevent theft of compressors, generators, and lighting platforms
   vii. use of a pintle-hitch lock to a hitch to protect trailers
   viii. marking of tools for identification and proof of ownership
e) construction site access control - vehicles and people
f) sign-in and sign-out procedures
g) procedures for the management of deliveries and removal of inventory, equipment and other supplies
h) after-hours security procedures
i) visitor escorts
j) the need for a contract guard force
k) interfacing of security procedures with existing Enbridge Operations security requirements, pursuant to Operations and Maintenance Procedures Book 7: Emergency Response.

6.5 Site Specific Security Plan Requirements

General

Security measures should reflect the location, risk and criticality of the assets that require protection. Risks to people, the environment, assets or economic stability all need to be considered when determining the degree of physical security that is required. Where practical, the requirements of the security plan will be in alignment with the requirements of the Project Specific Safety Management Plan.

Responsibilities

The plan will identify individuals responsible for the development, implementation and review of the Project Specific Security Plan.

Orientation and Training

Enbridge and the Prime Contractor shall establish, implement, document and maintain a security training and awareness process. The security training and awareness process will be provided to all appropriate employees and on-site personnel as part of the site-specific orientation.

Incident Response

The Project Specific Security Plan will identify specific project-related measures to be taken to limit or control the consequences of a security related incident.

Incident Reporting

The Project Specific Security Plan will identify procedures to notify the law enforcement agency of jurisdiction, and other appropriate agencies, and Enbridge of security related incidents.

External Reporting

Enbridge and the Prime Contractor shall follow the Suspicious Reporting Criteria provisions of the Enbridge Inc. Enterprise Security Policy.

Security Threats

The Project Specific Security Plan will identify the process in place to communicate to employees and on-site personnel information related to potential security threats. The Prime Contractor and Enbridge shall follow the Threat Warning Criteria as detailed in the Enbridge Security Vulnerability Assessment Methodology and Physical Security Survey Guidelines.

Evacuation Planning

The Project Specific Security Plan will identify provisions to direct people away from the construction site, including provisions to account for personnel and visitors that have been evacuated from the construction site in accordance with the Project Specific Safety Management Plan.

6.5.8 Investigations

The Prime Contractor, with support from Enbridge, shall develop and implement incident investigation procedures for security-related incidents.

Employee and Third-Party Termination

Enbridge and the Prime Contractor shall develop, document and implement processes and procedures around voluntary and involuntary termination of employees or on-site personnel.

6.6 Change Management Process

General

Change Management refers to activities that support both organizational and external changes that may impact the Security Management Plan. Change Management is a systematic process used to ensure that internal and external changes are continuously evaluated in order to assess the potential impact the change will have on the Security Management Program. Change should be considered in relation to all provisions of this guideline to ensure that Enbridge and the Prime Contractor can most effectively allocate resources to manage security risks and minimize adverse impacts.

Process

Enbridge and the Prime Contractor shall develop, document and implement a process for the management of changes that could have a significant impact on the effectiveness of the Security Management Plan.

These include those changes that are initiated by Enbridge or the Prime Contractor, such as:
a) Organizational changes, such as changes to organizational structure and key personnel.
b) Ownership change.
c) Changes to construction sites, equipment and technology.
d) Changes in construction procedures or practices, including maintenance activities.
e) Changes in construction conditions that may affect security risk prioritization or mitigation.
f) Changes in security methods, practices, or procedures.
g) Any other changes initiated by the Prime Contractor or Enbridge.

Those that are not initiated and controlled by Enbridge or the Prime Contractor, such as:
a) Changes to industry standards, industry recommended practices or regulations.
b) Physical environment changes.
c) Any other changes initiated by others which could impact the construction project.

6.6.2 Structure

The Change Management process shall include:
a) the identification of any changes that could affect the Security Management Plan, including employee or third-party termination.
b) setting responsibilities and authorities for the review, approval and implementation of changes.
c) documentation of reasons for change.
d) analysis of implications and effects of the changes.
e) communication and timing of the changes to affected parties.

6.7 Validation and Evaluation

General

Regular Security Management Plan evaluation is necessary to ensure compliance with security policies, procedures, and responses. In addition, regular evaluation also ensures that the Plan actually provides the intended result.

Review

Enbridge and the Prime Contractor shall conduct a formal review of the Security Management Plan at regular intervals during the construction project. The review shall verify the Plan's continuing suitability, adequacy, and effectiveness, and identify opportunities for improvement and the need for changes to the Security Management Plan. Enbridge and the Prime Contractor shall also conduct reviews following:
a) any significant changes to the Security Management Plan.
b) any significant changes to the construction project.
c) any significant security incident at either the construction site or a similar construction site owned by another company.

Review Input

The Security Management Plan review shall include information from:
a) results of audits.
b) internal and external stakeholder feedback.
c) process performance and conformance to the requirements of the Security Management Program and specific project Security Plan.
d) status of preventive and corrective actions.
e) follow-up actions and recommendations from previous reviews.
f) changes that could affect the Security Management Plan.
g) recommendations for improvement.

6.7.3 Review Output

The output from the Security Management Plan review shall include any decisions and actions related to:
a) improvement of the effectiveness of the Security Management Plan.
b) compliance with all applicable regulatory requirements.
c) implementation of the Security Management Plan.
d) resource needs.

Control of Non-Conformance Records

Enbridge and the Prime Contractor shall establish and maintain procedures for defining responsibility and authority for handling and investigating nonconformance, taking action to mitigate any impacts, and for initiating and completing corrective and preventive actions. The process shall include a process for dispute resolution. Enbridge and the Prime Contractor shall maintain records of the formal review, including non-conformance and subsequent actions.

7.0 ATTACHMENTS


More information

Committed to Environment, Health, & Safety

Committed to Environment, Health, & Safety Committed to Environment, Health, & Safety Environment, Health, and Safety Management System and Policy of W.R. Grace & Co. January 1, 2015 The Grace Environment, Health, and Safety Management System,

More information

National Infrastructure Protection Center

National Infrastructure Protection Center National Infrastructure Protection Center Risk Management: An Essential Guide to Protecting Critical Assets November 2002 Summary As organizations increase security measures and attempt to identify vulnerabilities

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Palm Beach State College Security Plan

Palm Beach State College Security Plan Palm Beach State Security Plan Prepared by: J.E. Smith Date: September 17, 2008 INTRODUCTION This Security Plan describes the organization, activities, methodology, and documentation by which Palm Beach

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Section VI Principles of Laboratory Biosecurity

Section VI Principles of Laboratory Biosecurity Section VI Principles of Laboratory Biosecurity Since the publication of the 4th edition of BMBL in 1999, significant events have brought national and international scrutiny to the area of laboratory security.

More information

UF Risk IT Assessment Guidelines

UF Risk IT Assessment Guidelines Who Should Read This All risk assessment participants should read this document, most importantly, unit administration and IT workers. A robust risk assessment includes evaluation by all sectors of an

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

A Risk Assessment Methodology (RAM) for Physical Security

A Risk Assessment Methodology (RAM) for Physical Security A Risk Assessment Methodology (RAM) for Physical Security Violence, vandalism, and terrorism are prevalent in the world today. Managers and decision-makers must have a reliable way of estimating risk to

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Table of Contents ESF-12-1 034-00-13

Table of Contents ESF-12-1 034-00-13 Table of Contents Primary Coordinating Agency... 2 Local Supporting Agencies... 2 State, Regional, and Federal Agencies and Organizations... 2 Purpose... 3 Situations and Assumptions... 4 Direction and

More information

Shell s Health, Safety and Environment (HSE) management system (see Figure 11-1) provides the framework for managing all aspects of the development.

Shell s Health, Safety and Environment (HSE) management system (see Figure 11-1) provides the framework for managing all aspects of the development. Section 11.1 APPLICATION FOR APPROVAL OF THE DEVELOPMENT PLAN FOR NIGLINTGAK FIELD PROJECT DESCRIPTION INTRODUCTION 11.1.1 HSE MANAGEMENT SYSTEM Shell s Health, Safety and Environment (HSE) management

More information

Select Agent Program Workshop November 16, 2012. Agricultural Select Agent Program (USDA/APHIS) CDC Select Agent Program (HHS/CDC)

Select Agent Program Workshop November 16, 2012. Agricultural Select Agent Program (USDA/APHIS) CDC Select Agent Program (HHS/CDC) Select Agent Program Workshop November 16, 2012 Agricultural Select Agent Program (USDA/APHIS) CDC Select Agent Program (HHS/CDC) Revisions to Regulations 11 (a) through 11 (c)(7): (b) and (c)(2) changed

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

Implementation of a Quality Management System for Aeronautical Information Services -1-

Implementation of a Quality Management System for Aeronautical Information Services -1- Implementation of a Quality Management System for Aeronautical Information Services -1- Implementation of a Quality Management System for Aeronautical Information Services Chapter IV, Quality Management

More information

Winning Initiatives and Best Practices for Physical Security

Winning Initiatives and Best Practices for Physical Security Winning Initiatives and Best Practices for Physical Security Today s Presentation 1. Using a risk-based strategy for security 2. The balanced security approach 3. Concentric circles of protection concept

More information

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...

More information

DUUS Information Technology (IT) Incident Management Standard

DUUS Information Technology (IT) Incident Management Standard DUUS Information Technology (IT) Incident Management Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-E 1.0 Purpose and Objectives Computer systems

More information

Performing Effective Risk Assessments Dos and Don ts

Performing Effective Risk Assessments Dos and Don ts Performing Effective Risk Assessments Dos and Don ts % Gary Braglia Security Specialist GreyCastle Security TCTC March 18, 2013 Introduction Who am I? Why Risk Management? Because you have to Because

More information

Security Guidelines for Premises Storing/Handling Security Sensitive Materials (SSMs) A-1

Security Guidelines for Premises Storing/Handling Security Sensitive Materials (SSMs) A-1 Security Guidelines for Premises Storing/Handling Security Sensitive Materials (SSMs) S/N Area of Interest Description Recommended Measures 1 Perimeter Security Perimeter barriers Perimeter barriers are

More information

OH&S Management Systems Audit Checklist (NAT, E3)

OH&S Management Systems Audit Checklist (NAT, E3) 3.1.2 3.1.1 Introduction OH&S Management Systems Audit Checklist (NAT, E3) This audit checklist is based on Element 3 (Implementation) of the National Self-Insurers OHS Audit Tool. For a full copy of the

More information

Intel Enhanced Data Security Assessment Form

Intel Enhanced Data Security Assessment Form Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Emergency Preparedness Guidelines

Emergency Preparedness Guidelines DM-PH&SD-P7-TG6 رقم النموذج : I. Introduction This Guideline on supports the national platform for disaster risk reduction. It specifies requirements to enable both the public and private sector to develop

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

Procedure for Managing a Privacy Breach

Procedure for Managing a Privacy Breach Procedure for Managing a Privacy Breach (From the Privacy Policy and Procedures available at: http://www.mun.ca/policy/site/view/index.php?privacy ) A privacy breach occurs when there is unauthorized access

More information

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES by the American Chemical Society, Committee on Chemical Safety, Safe Practices Subcommittee Introduction Terrorism

More information

Data Privacy Framework

Data Privacy Framework Data Privacy Framework Table of Contents 1. INTRODUCTION...4 2. SCOPE & DEFINITIONS...4 2.1 SCOPE OF THE DATA PRIVACY FRAMEWORK...4 2.2 DEFINITIONS...4 3. SECURITY ORGANIZATION & RESPONSIBILITIES...4 3.1

More information

Risk Management Handbook

Risk Management Handbook Risk Management Handbook 1999 Introduction Risk management is the process of selecting and implementing countermeasures to achieve an acceptable level of risk at an acceptable cost. The analytical risk

More information

Legislative Language

Legislative Language Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting

More information

Title: Rio Tinto management system

Title: Rio Tinto management system Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Summary of CIP Version 5 Standards

Summary of CIP Version 5 Standards Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

[Insert Company Logo]

[Insert Company Logo] [Insert Company Logo] Business Continuity and Disaster Recovery Planning (BCDRP) Manual 1 Table of Contents Critical Business Information 4 Business Continuity and Disaster Recover Planning (BCDRP) Personnel

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

Risk Management. Policy

Risk Management. Policy Policy Risk Management Endorsed: 26 February 2014 Brief description The GPC Risk Management Policy and its supporting standards and procedures provide a framework to ensure that risks arising from our

More information

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff 85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate

More information

October 2004. Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, Second Edition

October 2004. Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, Second Edition October 2004 Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, Second Edition October 2004 Security Vulnerability Assessment Methodology for the Petroleum and

More information

Homeland Security for Schools: Threat Status Alert Worksheet

Homeland Security for Schools: Threat Status Alert Worksheet for Schools: Threat Status Alert Worksheet The Green Alert Status reflects a low risk of terrorist attacks. The primary goal of a safe school plan is to safeguard schools against crime, violence and disruption.

More information

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary

More information

June 2010 HEALTH, SAFETY, AND ENVIRONMENT MANAGEMENT SYSTEM (HSEMS)

June 2010 HEALTH, SAFETY, AND ENVIRONMENT MANAGEMENT SYSTEM (HSEMS) June 2010 HEALTH, SAFETY, AND ENVIRONMENT MANAGEMENT SYSTEM (HSEMS) TABLE OF CONTENTS PAGE PART I INTRODUCTION Corporate Health, Safety and Environment Policy.. 1 Purpose... 2 HSEMS Framework... 3 PART

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document.

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document. 2 of 34 Revision Summary Revision Number Date Description of Revisions Initial issue of the document. Table of Contents Item Description Page 1. Introduction and Purpose... 5 2. Project Management Approach...

More information

CTR System Report - 2008 FISMA

CTR System Report - 2008 FISMA CTR System Report - 2008 FISMA February 27, 2009 TABLE of CONTENTS BACKGROUND AND OBJECTIVES... 5 BACKGROUND... 5 OBJECTIVES... 6 Classes and Families of Security Controls... 6 Control Classes... 7 Control

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

Aviation Safety Policy. Aviation Safety (AVS) Safety Management System Requirements

Aviation Safety Policy. Aviation Safety (AVS) Safety Management System Requirements Aviation Safety Policy ORDER VS 8000.367A Effective Date: 11/30/2012 SUBJ: Aviation Safety (AVS) Safety Management System Requirements 1. This order provides requirements to be met by AVS and AVS services/offices

More information

Oil & Gas Industry Towards Global Security. A Holistic Security Risk Management Approach. www.thalesgroup.com/security-services

Oil & Gas Industry Towards Global Security. A Holistic Security Risk Management Approach. www.thalesgroup.com/security-services Oil & Gas Industry Towards Global Security A Holistic Security Risk Management Approach www.thalesgroup.com/security-services Oil & Gas Industry Towards Global Security This white paper discusses current

More information

State of Vermont. Physical Security for Computer Protection Policy

State of Vermont. Physical Security for Computer Protection Policy State of Vermont Physical Security for Computer Protection Policy Date Approved: 04-02-10 Approved by: Tom Pelham Policy Number: 0501.012005 Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose...

More information

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Todd & Cue Ltd Your Business Continuity Partner

Todd & Cue Ltd Your Business Continuity Partner Todd & Cue Ltd Your Business Continuity Partner Preparation and Planning We provide strategies, tools and resources to help you prepare for a business interruption whether it is caused by fire, water,

More information

ENVIRONMENTAL, HEALTH & SAFETY MANAGEMENT SYSTEMS MANUAL

ENVIRONMENTAL, HEALTH & SAFETY MANAGEMENT SYSTEMS MANUAL September 7, 202 940. General Requirements (ISO 400 4.; OHSAS 800 4.).. Alcoa Fastening Systems Republic Operations (AFS Republic) has established, documented, implemented, maintains, and continuously

More information

Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries. May 2003

Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries. May 2003 Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries May 2003 May 2003 Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries

More information

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data CRISC Glossary Term Access control Access rights Application controls Asset Authentication The processes, rules and deployment mechanisms that control access to information systems, resources and physical

More information

RiskManagement ESIEE 06/03/2012. Aloysius John March 2012

RiskManagement ESIEE 06/03/2012. Aloysius John March 2012 RiskManagement MOTIS ESIEE 06/03/2012 Aloysius John March 2012 Risk Management is a Introduction Process for Project manager to identify factors that may more or less affect the success or the achievement

More information

A Comparison. Safety and Health Management Systems and Joint Commission Standards. Sources for Comparison

A Comparison. Safety and Health Management Systems and Joint Commission Standards. Sources for Comparison and Standards A Comparison The organizational culture, principles, methods, and tools for creating safety are the same, regardless of the population whose safety is the focus. The. 2012. Improving Patient

More information

PII Compliance Guidelines

PII Compliance Guidelines Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last

More information

COMPUTER SECURITY INCIDENT RESPONSE POLICY

COMPUTER SECURITY INCIDENT RESPONSE POLICY COMPUTER SECURITY INCIDENT RESPONSE POLICY 1 Overview The Federal Information Security Management Act (FISMA) of 2002 requires Federal agencies to establish computer security incident response capabilities.

More information

Domestic Shipping. Safety Management System. Company:

Domestic Shipping. Safety Management System. Company: Domestic Shipping Safety Management System Company: Contents: Introduction: 1.0 General 2.0 Safety and Environmental Protection Policies 2.1 Company Safety Policy 2.2 Company Environmental Protection Policy

More information

Guidelines for Setting up Security Measures to Stop Domestic Violence in the Workplace

Guidelines for Setting up Security Measures to Stop Domestic Violence in the Workplace Guidelines for Setting up Security Measures to Stop Domestic Violence in the Workplace As of June 15, 2010, all employers in Ontario are responsible for protecting workers when domestic violence follows

More information

Jonathan Wilson. Sector Manager (Health & Safety)

Jonathan Wilson. Sector Manager (Health & Safety) Jonathan Wilson Sector Manager (Health & Safety) OHSAS 18001:2007 Making Life Easier For Health & Safety Managers Workshop Agenda 1. Introduction 2. Why Manage Health & Safety 3. OHSAS 18001 and OHSMS

More information

NIST National Institute of Standards and Technology

NIST National Institute of Standards and Technology NIST National Institute of Standards and Technology Lets look at SP800-30 Risk Management Guide for Information Technology Systems (September 2012) What follows are the NIST SP800-30 slides, which are

More information

GLOBAL SECURITY STANDARD RISK MANAGEMENT NO. 2

GLOBAL SECURITY STANDARD RISK MANAGEMENT NO. 2 GLOBAL SECURITY STANDARD RISK MANAGEMENT NO. 2 DESIGNATION NAME SIGNATURE DATE REVIEWED BY: GSM TECHNOLOGY RUDI LOUW ORIGINAL SIGNED 11/12/2014 AUTHORISED BY: VP GLOBAL SECURITY BRIAN GONSALVES ORIGINAL

More information

Business Continuity Planning for Schools, Departments & Support Units

Business Continuity Planning for Schools, Departments & Support Units Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption

More information

SECOND EDITION THE SECURITY RISK ASSESSMENT HANDBOOK. A Complete Guide for Performing Security Risk Assessments DOUGLAS J. LANDOLL

SECOND EDITION THE SECURITY RISK ASSESSMENT HANDBOOK. A Complete Guide for Performing Security Risk Assessments DOUGLAS J. LANDOLL SECOND EDITION THE SECURITY RISK ASSESSMENT HANDBOOK A Complete Guide for Performing Security Risk Assessments DOUGLAS J. LANDOLL CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is

More information

CRITICAL/NON CRITICAL INCIDENT MANAGEMENT AND REPORTING PROCEDURE

CRITICAL/NON CRITICAL INCIDENT MANAGEMENT AND REPORTING PROCEDURE CRITICAL/NON CRITICAL INCIDENT MANAGEMENT AND REPORTING PROCEDURE This procedure must be read in conjunction and interpreted in line with the Critical/Non Critical Incident Management and Reporting policy.

More information

Implementing a Framework

Implementing a Framework Implementing a Framework 44th Tennessee Higher Education Information Technology Symposium 2015 Greg Jackson Cyber Security Analyst Dynetics Inc. Information Systems Assessment Services (ISAS) www.dynetics.com

More information

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 Revision History Update this table every time a new edition of the document is published Date Authored

More information

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Page 1 of 7 The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Domain I provides a solid foundation for the governance of

More information

Acknowledgements. Security Code Task Force 04. Sayer H. Al-Shammari TF Leader SABIC. Jassim Darwish Member GPIC. Mansour Al-Dosari Member Qapco

Acknowledgements. Security Code Task Force 04. Sayer H. Al-Shammari TF Leader SABIC. Jassim Darwish Member GPIC. Mansour Al-Dosari Member Qapco SECURITY CODE Document Number : GPCA-RC-C04 Original Issue: June 15, 2011 Re-issue Date: / / Approval: Dr. Abdul Wahab Al-Sadoun Revision Number: 00 Prepared / Reviewed by: Task Force 01 Ownership: Tahir

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

Security Management Plan

Security Management Plan Effective Date: 03/2015 1 of 10 I. Table of Contents: I Table of Contents II Authority III Purpose & Scope IV Policy Statement V The Joint Commission Standards VI Performance Standards VII DUPD Services

More information

Guidelines 1 on Information Technology Security

Guidelines 1 on Information Technology Security Guidelines 1 on Information Technology Security Introduction The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT)

CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT) CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT) PURPOSE: The purpose of this procedure is to establish the roles, responsibilities, and communication procedures for the Computer Security Incident

More information

The anglo american Safety way. Safety Management System Standards

The anglo american Safety way. Safety Management System Standards The anglo american Safety way Safety Management System Standards 2 The Anglo American Safety Way CONTENTS Introduction 04 Anglo American Safety Framework 05 Safety in anglo american 06 Monitoring and review

More information