IT CONTROL ENVIRONMENT ASSESSMENT AND RECOMMENDATIONS REPORT
- Myra Watkins
- 8 years ago
Chairperson and Subcommittee Members
AUDIT AND RISK SUBCOMMITTEE
6 AUGUST 2015
Meeting Status: Public
Purpose of Report: For Information

IT CONTROL ENVIRONMENT ASSESSMENT AND RECOMMENDATIONS REPORT

PURPOSE OF REPORT

1 This report provides a summary of Ernst & Young's Information Technology Control Environment Assessment and Recommendations report dated 7 January 2015 and provides an update of progress against the action plan formulated to address the matters raised.

DELEGATION

2 The Audit & Risk Subcommittee has delegation authority to consider this report under the following delegation in the Governance Structure, Section C.3.7:

Internal Reporting
7.4 To review the processes for ensuring the completeness and quality of financial and operational information, including performance measures, being provided to Council.

BACKGROUND

3 In accordance with New Zealand Auditing Standards, Ernst & Young has reviewed the current operations of the Council's Information Technology General Controls (ITGC) environment and considered the aspects significant to the audit of Council's LTP and the 2014/15 annual report.

4 With the assistance of external contractors (to provide specialist advice) a formal work programme was established to address these findings and associated implications and this was tabled at the Subcommittee meeting of 5 May.

5 Responsibility for the implementation of the ITGC programme of work and its delivery has now been brought within the Council and will be delivered internally.

Issues and Options

Issues

Context of IT General Control Environment Findings

6 Ernst & Young has identified five issues that are considered appropriate for review by the Senior Leadership Team. Four of the issues identified were classified as high risk and the remaining one was classified as low risk. The classification of issues is defined as follows:

High Risk: These recommendations relate to a serious weakness which exposes the organisation to a material extent in terms of the achievement of departmental objectives, financial results or otherwise impair KCDC's reputation. Immediate corrective action is required.
Low Risk: A weakness which does not seriously detract from the system of internal control and/or operational effectiveness/efficiency but which should nevertheless be addressed by management.

Summary of IT General Control Environment Findings

7 Ernst & Young's control findings, recommendations and Council's responses thereto are discussed below.

8 Change management

Observation (High risk)

We were provided with the change management process document dated February. This document describes the process to be followed for the different IT change types (normal, standard and emergency) within Council. The Change Control Process specifies that change control must ensure that the change is:

- Recorded
- Authorised
- Planned and Implemented
- Reviewed
- Evaluated and Prioritised
- Tested and Documented.

There are two tools to capture changes: Manage Engine for general IT Changes and NCS Service Request module for MagiQ LTP and Budgeting module changes.

We noted that although the change process is documented, it is not always followed, all changes are not documented/formally reviewed/tested and captured.

Recommendation

Management should consider:

- Revisiting Change Management control process documentation and updating it with current KCDC practices.
- Enforcing the use of the Change Management Policy to ensure that all changes are appropriately authorised, tested, approved, monitored and evidence documented.
- Optimising use of existing change management tools to ensure that all changes are adequately captured.
- Using a version management tool to ensure that KCDC controls and monitors all changes in production environment.
- Reviewing of system generated list of changes within the existing Change Advisory Board process.
Council's Response

Council agrees with the recommendation and notes the significance of the implications outlined. Council is actively working on the practical implementation of sound change management processes across the organisation with the objective of mitigating the risks identified.

Current Status

- An updated Change Control Process initiated within the ICT team (see the Change Management document attached as Appendix 1).
- ManageEngine Service Desk application, identified as Change Management repository with comprehensive workflow and reporting, has been implemented as part of the system audit.
- Changes are authorised by the Change Advisory Board (CAB) which comprises the ICT Manager, the Service Desk Team Leader, the Information Technology Team Lead and other business representatives. The CAB reviews change requests on a weekly basis.

9 User access management processes

Observation (High risk)

KCDC currently has no documented and approved user access management process. To manage user access, a new user form is completed by the responsible manager which is submitted to help desk for access provisioning. We were advised that contractor's access was set with a pre-determined Active Directory with a termination date. However terminated users were often not removed from the systems in a timely manner. This appears to be the result of the timeliness of the employee's departure being communicated to Help Desk.

Periodic user access reviews do not take place.

The current business application users are restricted to a limited number in the implementation phase. We understand this is expected to increase as the MagiQ modules go live.
Recommendation

KCDC should consider:

- Implementing a common user access management process. This process should be documented and include the access request, modification, removal, and review processes.
- Ensuring appropriate notification is provided to Business units and the Service Desk from HR for terminated employees to ensure that access to systems is removed in a timely manner.
- Formalising a user access review process so that it is managed through a centralised location to ensure all reviews are completed.
- Implementing regular review of user accounts to ensure that access is only granted to users with a need to access a system.
- Ensuring that the individuals that monitor and review these accounts and associated activities should not be administrators within these systems.

Council's Response

Council agrees with the recommendations. Council is currently engaged in a review of the user management processes in place with the objective of developing and implementing suitable processes to ensure optimal management of the IT infrastructure system.

Current Status

- A user access management process has been initiated (see Access Management Process attached as Appendix 3).
- Management of User Access assigned to Service Desk Team Leader.
- Six-monthly review of current access permissions for the NCS Chameleon MagiQ system distributed to Line Managers on with requested changes requiring of the Module System Owner approval.

10 Segregation of duties

Observation (High risk)

We observed that conflicting roles and responsibilities are not clearly defined. Segregation of incompatible duties should be present to avoid conflict of duties with respect to:

Change Management roles:

- Request/approve programme development or programme change
- Programme the development or change
- Move programmes in and out of production
- Monitor programme development and changes.
Logical Access granting roles:

- Requesting access, approving access, setting up access, and monitoring access violations/violation attempts
- Performing rights of a privileged user and monitoring use of a privileged user.

As MagiQ NCS is recently being implemented, IT and Business user access levels, access granting process and developer access to production environment is not formally defined.

We have been informed that currently the number of application users is 5 with a target of 50 to 60 users after full transition. As initial implementation efforts wind down and end user numbers eventually increase, segregation of duties needs to head for a more secure and solid state.

Recommendation

KCDC should consider enforcing segregation of duties:

- Both organizationally and logically, to ensure that different individuals / system resources perform access requests, access approval, access provisioning, monitoring access violations for both IT privileged and Business end users.
- Ensuring different individuals perform privileged user access reviews, monitoring of privileged accounts and monitoring system generated list of changes in production environment. Where this is not possible, Kapiti Coast District Council should consider restricting access to the production environment on an as required basis and periodically review all access.
- Different individuals / system resources perform change requests, change approval, move programmes in and out of production and monitor changes as well as restricting developer access to production environment.
- Use of a version management tool to ensure that KCDC controls and monitors all changes in production environment.

Council's Response

Council agrees with the recommendation. The process for identifying and authorising duties is currently being reviewed as part of the overall ITGC systems review and appropriate implementation will be actioned as a priority.

Current Status

Segregation of Duties is a logical outcome of the other processes initiated as part of this audit response:

- Upgrade to Corporate System (Magiq Enterprise) to be completed in Q2 of the 2015/16 Financial year. This provides improved granularity of user roles within the application.
- Change Processes (identified above) has allocated Change roles assigned, with Change Champion empowered to oversee all change. No change is implemented unless it goes through the Change Management Process, or is a documented exception.
- Review of General system security settings (see below) has led to the implementation of a programme to remove access to generic and unassigned logins and administrator accounts.
- Management of Segregation of duties assigned to ICT Infrastructure Team Leader.

11 General system security settings

Observation (High risk)

Our IT audit procedures include understanding and assessing information security at an organisational level. We noted that whilst some basic security settings have been defined at a system level (e.g. network password policy), KCDC has no formal information security guidelines in place. These are important to set the tone on how processes are managed in a controlled and secure manner.

Information Security describes activities that relate to the protection of information (financial and operational information produced, distributed, retained) and information infrastructure assets (operating systems, access control mechanisms, databases, applications) against the risks of loss, misuse, disclosure or damage. It is important that management has a common understanding of information security risks and potential implications to the Council.

Recommendation

Information security guidelines at a minimum should cover: Access control including physical and remote access, Password Settings, logs on operating systems and databases, Configuration baselines for hardware (firewalls, servers, operating systems and databases), Security Patching, Incident and Problem Management, AntiVirus.

We recommend that the New Zealand Information Security Manual (NZISM), updated in November 2014, be considered as a baseline for IT security practices.

A definite way of adding structure is to create information security guidelines in consultation with the business to ensure the guidelines are relevant to the business as well as IT. These policies should then be reviewed and approved at least annually to make any necessary adjustments as a result of IT environment changes.
Council's Response

Council agrees with the recommendations and plans are underway to engage an external consultant to conduct a wide ranging audit including a general IT architecture review. The recommendations arising from these audits will provide detailed information on both ICT Strategy and general IT security and will form the basis of the implementation for improvements as a priority item.

Current Status

- A comprehensive work plan of updates and improvements to systems and security has been created. As the majority of these changes affect production systems and services, such updates are scheduled in appropriate windows and it is anticipated that all the work will be completed by the end of Q2 in the 2015/16 financial year.
- General system security settings assigned to the Infrastructure Team Leader.

12 Backup operations

Observation (Low risk)

KCDC has no backup policy or disaster recovery policy which detailed the process including means, frequency and retention period for backups. Current practice is to assign backup and batch operations responsibilities by way of individual employee job description.

Management advised that a draft procedure exists for SLAs that should help in defining what the business requires from IT Disaster Recovery management. However, the draft procedure has not been updated to reflect KCDC's current operational and regulatory needs and is not approved and adopted by Council.

We also noted that actions taken to resolve backup issues are not recorded and therefore we were unable to determine that corrective action had been taken for failed backups.

No formalised process with regards to testing of backups exists. We understand that backups are tested on demand by the business to restore data. However, backups are not tested on a systematic or predefined basis which increases the risk of failing to restore data if required.

Recommendation

Management should consider:

- Reviewing current backup operations and approving back-up retention periods as part of the backup policy that is being developed. Business and system owners, in consultation with IT, should authorise and define the retention periods to ensure that these are practical and appropriate.
- Retaining backup logs for all applications and recording corrective actions using the centralised incident management procedures.
- Implementing activities designed to perform regular testing of DLT tapes stored offsite at EOC center, ensuring that critical data can be restored as and when it is required.
- Performing Disaster Recovery testing at the offsite DR site using data synced by Rsync Tool.

Council's Response

Council agrees with the observation. Current back up operations are in place, however these processes are being reviewed along with the wide ranging audit and general IT architecture review.

Current Status

A comprehensive revision of the Back-up and Disaster Recovery plan is to be developed in Q2 of the 2015/16 Financial year. This is to align with the ICT Strategy and the programme of work designed to improve district wide connectivity for Council services:

- An audit of current back-up tools and applications has been completed.
- Request for Information is in draft for a comprehensive, council wide system monitoring tool.
- Management of Back-up Operations assigned to Infrastructure Team Leader.

Overall Progress of Work Programme to Address IT General Control Environment Findings

13 It is anticipated that the implementation of the work programme will take 3-6 months, at the end of which all of the Control Findings will be resolved. It should be noted that while Ernst & Young's findings relate only to the Council's 2014/15 Annual Report and 2015/35 Long Term Plan, the formal work programme being implemented to address the findings has been adapted to encompass all aspects of Council's operations.

14 Furthermore, to address all aspects of the findings necessarily requires significant periods of down time to variously diagnose, implement and test Council's ICT systems.

15 In the second quarter of the 2015/16 financial year, Ernst & Young will be engaged to review the Council's progress against its findings to ensure that progress is being made and that the significant risks highlighted are being appropriately managed.

CONSIDERATIONS

Policy considerations

16 The implementation of the work programme has resulted in the creation of two new corporate policies:

- IT Change Management Policy
- System Access Permissions Policy.
17 The policies will become operative following the approval of the Senior Leadership Team.

Legal considerations

18 There are no legal considerations.

Financial considerations

19 The costs relating to the matters outlined in this report will be covered within the current Annual Plan budget.

Tāngata whenua considerations

20 There are no tāngata whenua considerations.

SIGNIFICANCE AND ENGAGEMENT

Degree of significance

21 This matter has a low level of significance under Council policy.

Consultation already undertaken

22 Due to the nature of the decision being made, no consultation process is required to be undertaken.

Engagement planning

23 An engagement plan is not needed to implement this decision.

Publicity

24 There are no publicity issues to be considered at this stage.

RECOMMENDATIONS

25 That the Audit & Risk Subcommittee notes the progress of the formal work programme that is being implemented to address the issues raised by Ernst & Young in its Report on IT Control Environment Assessment and Recommendations.

26 That the Audit & Risk Subcommittee notes that in the second quarter of the current financial year, Ernst & Young will review the Council's progress against its recommendations.

Report prepared by: Mark de Haast, Financial Controller
Approved for submission: Stephen McArthur, Group Manager Strategy & Planning
Approved for submission: Wayne Maxwell, Group Manager Corporate Services

Appendix 1 - Change Management document
Appendix 2 - Access Management Process
More informationDatabase Services - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and Database Services t dcument: The technlgy services Database Services prvides t the custmer. The targets fr respnse times, service
More informationImproved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationFinance, Performance and Risk Committee 2014/2015
Finance, Perfrmance and Risk Cmmittee 2014/2015 Date f Meeting: 17 December 2014 Agenda Item: Click here t enter text. Subject: Infrmatin Gvernance Plicy Reprting Officer: Paul Byrne Lead IG Manager Aim
More informationKERRY ROGERS, DIRECTOR OF CORPORATE SERVICES/COMPANY SECRETARY
Bard f Directrs Meeting Reprt Subject: Gvernance Framewrk Date: 30 th Octber 2014 Authr: KERRY ROGERS, DIRECTOR OF CORPORATE SERVICES/COMPANY SECRETARY Lead Directr: KERRY ROGERS BACKGROUND A Bard s prpsed
More informationNSW Government. Software Asset Management Standard. Version 1.0. October 2014
NSW Gvernment Sftware Asset Management Standard Versin 1.0 Octber 2014 standards@finance.nsw.gv.au ICT Services Office f Finance & Services Level 23, McKell Building 2-24 Rawsn Place SYDNEY NSW 2000 Sftware
More informationA96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015
A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY
More informationCustomer Support & Software Enhancements Policy
Custmer Supprt & Sftware Enhancements Plicy Welcme t Manhattan Assciates Custmer Supprt Organizatin (CSO). Staying current n Custmer Supprt & Sftware Enhancements and n a supprted versin f the licensed
More informationArmy DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012
Army DCIPS Emplyee Self-Reprt f Accmplishments Overview Revised July 2012 Table f Cntents Self-Reprt f Accmplishments Overview... 3 Understanding the Emplyee Self-Reprt f Accmplishments... 3 Thinking Abut
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationIT Account and Access Procedure
IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1
More informationWaitemata District Health Board, 15 Shea Terrace, Takapuna
Date: Octber 2015 Jb Title: Quality and Audit Manager Department: Planning, Funding and Outcmes Unit Lcatin: Waitemata District Health Bard, 15 Shea Terrace, Takapuna Reprting t: Directr Funding Direct
More informationOffice of the Superintendent of Financial Institutions. Internal Audit Report. Human Resources Performance Management.
Office f the Superintendent f Financial Institutins Internal Audit Reprt n Human Resurces Perfrmance Nvember 2010 Table f Cntents 1. Backgrund...3 2. Audit Objectives, Scpe, Apprach, and Criteria...3 3.
More informationTemplate on written coordination and cooperation arrangements of the supervisory college established for the <XY> Group/<A> Institution
COORDINATION AND COOPERATION ARRANGEMENTS EBA/RTS/2014/16 EBA/ITS/2014/07 Annex II Template n written crdinatin and cperatin arrangements f the supervisry cllege established fr the Grup/ Institutin
More informationHeythrop College Disciplinary Procedure for Support Staff
Heythrp Cllege Disciplinary Prcedure fr Supprt Staff Intrductin 1. This prcedural dcument des nt apply t thse academic-related staff wh are mentined in the Cllege s Ordinance, namely the Librarian and
More informationPOLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES
POLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES M. PĘCIŁŁO Central Institute fr Labur Prtectin ul. Czerniakwska
More informationBusiness Plan 2014-15
Cmmissin fr Lcal Administratin in England Business Plan 2014-15 All Business Plan activity is linked t ur fur Strategic Objectives LGO Business Plan 2014-2015 v web 3 Page 1 descriptin 1. Prvide a cmplaints
More informationITIL Release Control & Validation (RCV) Certification Program - 5 Days
ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management
More informationnbn is committed to identifying hazards, preventing workplace accidents and minimising dangerous health safety and environment incidents.
Incident & Hazard Reprting Overview At nbn we are safe, disciplined and reliable. nbn is cmmitted t preventing injury, illness and envirnmental harm by prviding a safe and healthy wrking envirnment fr
More informationState of Wisconsin. File Server Service Service Offering Definition
State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm
More informationPOSITION DESCRIPTION. Classification Higher Education Worker, Level 7. Responsible to. I.T Manager. The Position
Psitin Title I.T Prject Officer Classificatin Higher Educatin Wrker, Level 7 Respnsible t The Psitin I.T Manager The psitin assists with the cmpletin f varius IT prjects intended t enable the nging administratin
More informationData Warehouse Scope Recommendations
Rensselaer Data Warehuse Prject http://www.rpi.edu/datawarehuse Financial Analysis Scpe and Data Audits This dcument describes the scpe f the Financial Analysis data mart scheduled fr delivery in July
More informationService Level Agreement
Template SDSU-TPL-11085 v1.3 18/1/11 IT Services Service Level Agreement Enterprise CRM (ECRM) Versin: 0.1 01/11/2010 Cntents 1 INTRODUCTION... 4 1.1 Scpe f the Agreement... 4 1.2 Duratin f the Agreement...
More informationSoftware and Hardware Change Management Policy for CDes Computer Labs
Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces
More informationState of Wisconsin DET Dedicated Virtual Host Services Offering Definition
State f Wiscnsin DET Dedicated Virtual Hst Services Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 10/29/2010 1.0 Phil Staley Initial draft 11/3/2010 1.1 Phil Staley Ryan McKee Secnd
More informationHEALTH INFORMATION EXCHANGE GRANTS CRITERIA
1 HEALTH INFORMATION EXCHANGE GRANTS CRITERIA INTRODUCTION On August, 20 th, the federal Office f the Natinal Crdinatr fr Health Infrmatin Technlgy (ONC) released an pprtunity fr states t apply fr between
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationEnvironment Protection Authority
Envirnment Prtectin Authrity EPA Cmplaints Management Plicy Intrductin This plicy sets ut the purpse, principles and prcess fr hw custmer feedback, including cmplaints, will be managed in the EPA t imprve
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationCommunal Property Institution Capacity Assessment Tool
Cmmunal Prperty Institutin Capacity Assessment Tl Intrductin t cmmunal prperty institutins Cmmunal prperty institutins (CPIs) Participants in the land refrm prgramme can hld prperty thrugh different frms
More informationPlanning & Delivering Safe Work Railway Contractors Certificate Non Training Services v1.2. Keith Miller & Rebecca Pears
Planning & Delivering Safe Wrk Railway Cntractrs Certificate Nn Training Services v1.2 Keith Miller & Rebecca Pears Planning & Delivering Safe Wrk Backgrund / Histry Intrductin f Safe Wrk Leader Intrductin
More informationGENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER. Most Recently Amended: December 8, 2015
GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER Mst Recently Amended: December 8, 2015 Purpse The purpse f the Audit Cmmittee is t assist the Bard f Directrs f General Mtrs Cmpany in its versight f the
More informationFY 2014 Senior Level (SL) and Scientific or Professional (ST) Performance Appraisal System Opening Guidance
Office f Executive Resurces Office f the Chief Human Capital Officer U.S. Department f Energy FY 2014 Senir Level (SL) and Scientific r Prfessinal (ST) Perfrmance Appraisal System Opening Guidance Table
More informationChief Finance and Operations Officer IfM Education and Consultancy Services (IfM ECS)
Chief Finance and Operatins Officer IfM Educatin and Cnsultancy Services (IfM ECS) Rle Summary IfM ECS disseminates the research and educatin utputs f the University f Cambridge Institute fr Manufacturing
More informationDocument Management Versioning Strategy
1.0 Backgrund and Overview Dcument Management Versining Strategy Versining is an imprtant cmpnent f cntent creatin and management. Versin management is a key cmpnent f enterprise cntent management. The
More informationS&T IT Change Management Policy and Procedure
S&T IT Change Management Plicy and Prcedure 5/1/2016 Page 2 f 10 Executive Summary S&T IT Change Management All IT & Ed Tech staff are respnsible t fllw the Change Management Prcess when intrducing changes
More informationAHI. Foreign Pre-Approval Inspections (PAIs) Points to Consider
AHI Freign Pre-Apprval Inspectins (PAIs) Pints t Cnsider The fllwing suggestins are intended t prvide spnsr guidance fr timeliness and predictability f freign PAIs. The FDA Center fr Veterinary Medicine
More information