UBC Incident Response Plan V1.5
|
|
- Sylvia Davidson
- 8 years ago
- Views:
Transcription
1 UBC Incident Respnse Plan V1.5 Cntents 1. Ratinale Objective Applicatin Reprting a Cmputer Security Incident Managing the Security Incident All Incidents Medium and Severe Incidents Severe Incidents Additinal Prcedures fr Merchant Incidents Clsing the Incident Summary f Incident Respnse Plan Glssary Cardhlder Data Envirnment (CDE) Cmputer Security Incident Types f Incidents Incident Severity Cmputer Security Incident Respnse Team (CSIRT) CSIRT Crdinatr Merchant Security Centre Operatins Respnse (SCOR)
2 1. Ratinale Centralised ntificatin and cntrl f security incident investigatin is necessary t ensure that immediate attentin and apprpriate resurces are applied t cntrl, eliminate and determine the rt cause f events that culd ptentially disrupt the peratin f the university r cmprmise university data. 2. Objective The gal f this plan is t: Identify accuntability fr respnding t cmputer security incidents Ensure apprpriate escalatin Ensure effective administrative respnse t cmputer security incidents Streamline the respnse prcess Secure and prtect data in rder t minimise the rganisatinal impact f a cmputer security incident 3. Applicatin This plan applies t cmputer security incidents that affect UBC s infrmatin technlgy facilities, infrastructure r data assets, including but nt limited t servers, wrkstatins, merchant systems, firewalls, ruters, and switches. 4. Reprting a Cmputer Security Incident All suspected cmputer security incidents must be reprted immediately t UBC IT via the IT Service Centre (ITSC) at security@ubc.ca r Members f the university cmmunity must reprt a suspected cmputer security incident accrding t nrmal practice within their unit. This culd be t their supervisr, t the IT service team fr their unit r directly t the ITSC. Where the cmputer security incident invlves physical security issues in additin t cmputer security issues the incident must be reprted t Campus Security wh will in turn alert the ITSC. 5. Managing the Security Incident 5.1. All Incidents The ITSC will: 2
3 Create an incident file Escalate t the CSIRT Crdinatr The CSIRT Crdinatr will: Crdinate the incident with the ITSC staff and/r any ther relevant persnnel Escalate as required t SCOR and/r the Assciate Directr f Infrmatin Security Management (AD ISM) Ensure that relevant infrmatin is captured in the incident file; regardless f the technical resurces assigned t wrk the incident. These resurces may include SCOR, the ITSC, University IT Supprt Staff r ther persnnel as required Clse the incident file SCOR will: Investigate t determine if a breach has ccurred: Until cnfirmed it is t be classified as an incident; and If a breach is cnfirmed, then declare the severity f the breach. Identify the scpe and type f prblem, including classificatin as minr, medium r severe Ntify apprpriate rganizatins internal and external t UBC (including relevant plice agencies) Take crrective actin as described in the Securing and Preserving Electrnic Evidence guideline Reprt, as needed, t the apprpriate UBC department fr further actin; in sme cases this may include discipline. Nte: The type f infrmatin invlved may dictate mandatry reprting requirements 5.2. Medium and Severe Incidents This sectin cvers additinal prcedures fr incidents classified as Medium r Severe, which must be fllwed in additin t the prcedures fr All Incidents. The AD ISM will: Frm a CSIRT t include the relevant wner(s) f the data r issue The CSIRT Crdinatr will: Prvide regular briefings t the CSIRT by at least nce a day and mre ften at the utset - even if there has been n change Write a clsing incident reprt that is shared with the CSIRT 3
4 5.3. Severe Incidents This sectin cvers additinal prcedures fr incidents classified as Severe, which must be fllwed in additin t the prcedures fr Medium and Severe Incidents. The AD ISM will: Escalate the incident t the CIO Ensure that the CSIRT includes the CIO and the relevant wner(s) f the data r services affected The CIO will: Brief the Prvst and any ther relevant UBC Executives Ensure risk is managed in cnsultatin with the Prvst and any ther relevant UBC Executives Activate UBC s Disaster Respnse Plan (DRP) if the situatin requires, based n the impact n persns, prperty, and the envirnment Prvide a clsing incident reprt t the Prvst and the ther UBC Executives that assisted in the management f the incident 5.4. Additinal Prcedures fr Merchant Incidents This sectin cvers additinal prcedures fr Merchant (Payment Card Industry) incidents, which must be fllwed in additin t the prcedures fr All Incidents. The ITSC will: Merchant incidents are any where the fllwing examples f Merchant prcessing systems are included in the reprt: PIN pad tampering Rgue wireless access pint detected Any incident invlving credit card prcessing such as Visa, Mastercard, Amex, etc. Any incident where PCI r merchant prcessing are reprted Acquirer references such as TD, Chase, Mneris, Beanstream, etc. Merchant website cmprmise Escalate the incident t the Financial Analyst - UBC PCI Cmpliance ; If n respnse frm r if the Financial Analyst - UBC PCI Cmpliance is away, cntact: Manager, Revenue Accunting Directr, Financial Reprting The Financial Analyst UBC PCI Cmpliance will: 4
5 Cntact the merchant t crdinate the incident Crdinate with the CSIRT Crdinatr Crdinate with PCI Wrking Cmmittee as required Crdinate any cntact with Acquirer/Card cmpanies 6. Clsing the Incident A clsing incident reprt shall be prepared by the CSIRT Crdinatr fr medium and severe incidents. The reprt shall include: Chrnlgy f the incident and actins taken Scpe f risk the university faced during the incident e.g. number f recrds, degree f expsure Descriptin f actin taken t mitigate and reslve the issue Cmmunicatins that were taken Brief explanatin f basis fr key decisins Evaluatin f whether respnse plan was fllwed Identificatin f internal imprvements t infrastructure, systems, the incident respnse plan, and any ther actins that are recmmended 5
6 7. Summary f Incident Respnse Plan Reprt Incident Manage Incident Clse Incident User r Supervisr Credit Card Prcessing Merchant Campus Security Managed by CSIRT Crdinatr AD ISM assembles CSIRT fr medium and severe incidents AD ISM escalates severe incidents t CIO. CIO briefs UBC executives Create clsing incident reprt fr medium and severe incidents Share reprt with CSIRT fr medium incidents Share reprt with CIO fr severe incidents 6
7 8. Glssary 9.1. Cardhlder Data Envirnment (CDE) A CDE is defined as the cmputer envirnment wherein cardhlder data is transferred, prcessed, r stred, and any netwrks r devices directly cnnected t that envirnment Cmputer Security Incident A cmputer security incident, fr the purpses f this plan, includes events where there is suspicin that: Cnfidentiality, integrity r availability f UBC data has been cmprmised Cmputer systems r infrastructure has been attacked r is vulnerable t attack Types f Incidents Security incident types include but are nt limited t: 7
8 Malicius cde attacks - attacks by prgrams such as viruses, trjan hrse prgrams, wrms, rtkits, and scripts t gain privileges, capture passwrds, and/r mdify audit lgs t hide unauthrised activity. Unauthrised access - includes unauthrised users lgging int a legitimate accunt, unauthrised access t files and directries, unauthrised peratin f sniffer devices r ruge wireless access pints. Disruptin f services - includes erasing f prgrams r data, mail spamming, denial f service attacks r altering system functinality. Misuse - invlves the utilizatin f cmputer resurces fr ther than fficial purpses. Espinage - stealing infrmatin t subvert the interests f a crpratin r gvernment entity. Haxes - generally an warning f a nnexistent virus. Unusual Events includes erratic and persistent unusual system behaviur n desktps, servers r the UBC netwrk. Inexplicable lck ut f user accunts r the existence f a strange prcess running and accumulating a lt f CPU time Incident Severity Incidents will be classified by the CSIRT Crdinatr based n the perceived impact n university resurces: Minr -incidents fr which there are rutine slutins. Sensitive infrmatin has nt been expsed r accessed by unauthrised parties. Medium - incidents that d nt have rutine slutins but are limited in scpe and cnsequences. Severe - incidents that invlve significant persnal data leakage, cmprmised institutinal data, r that impacts a significant number f users, all f which has significant cnsequences 9.3. Cmputer Security Incident Respnse Team (CSIRT) A CSIRT is assembled by the AD ISM, and is drawn as apprpriate, frm SCOR and the fllwing grups (r their delegates): Campus Security Enrlment Services Finance Human Resurces Infrmatin Technlgy Internal Audit 8
9 Public Affairs Research Risk Management Services Treasury Unit/Department where incident ccurred University Cunsel 9.4. CSIRT Crdinatr The CSIRT Crdinatr is the Access and Identity Analyst, wh is part f the SCOR grup, and is charged with managing an incident Merchant Any University unit that accepts payment cards bearing the lgs f any f the five members f the PCI- DSS (American Express, Discver, JCB, MasterCard r VISA) Security Centre Operatins Respnse (SCOR) The SCOR grup, led by the Assciate Directr f Infrmatin Security Management (AD ISM), reprts t the Directr f Infrastructure, and has respnsibility fr the IT security infrastructure n campus. 9
UBC Incident Response Plan
UBC Incident Response Plan Contents 1. Rationale... 1 2. Objective... 1 3. Application... 1 4. Definitions... 1 4.1 Types of Incidents... 1 4.2 Incident Severity... 2 4.3 Information Security Unit... 2
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationPersonal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationnbn is committed to identifying hazards, preventing workplace accidents and minimising dangerous health safety and environment incidents.
Incident & Hazard Reprting Overview At nbn we are safe, disciplined and reliable. nbn is cmmitted t preventing injury, illness and envirnmental harm by prviding a safe and healthy wrking envirnment fr
More informationInformation Security Incident Response Plan
Infrmatin Security Incident Respnse Plan Agency: Date: Cntact: 1 TABLE OF CONTENTS Intrductin... 3 Authrity... 4 Terms and Definitins... 4 Rles and Respnsibilities... 5 Prgram... 6 Educatin and Awareness...
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationGUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationRUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer
RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible
More informationBLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS
BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin
More informationIncident Management-Roles and Responsibilities
Enterprise Services Incident Management- Rles and Respnsibilities Fr Key Stakehlders Table f Cntents 1. Intrductin:... 2 2. Objective:... 2 3. In Scpe:... 2 4. Out f Scpe:... 3 5. Incident Management is
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationUNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE
1. TITLE OF COMMITTEE UNIVERSITY INCIDENT PLANNING COMMITTEE University Incident Planning Cmmittee (IPC) 2. ESTABLISHMENT TERMS OF REFERENCE The University Incident Planning Cmmittee is established in
More informationChange Management Process For [Project Name]
Management Prcess Fr [Prject Name] i 1 Intrductin The is fllwed during the Executin phase f the Prject Management Life Cycle, nce the prject has been frmally defined and planned. 1.1 What is a Management
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationRisk Management Policy AGL Energy Limited
Risk Management Plicy AGL Energy Limited AUGUST 2014 Table f Cntents 1. Abut this Dcument... 2 2. Plicy Statement... 2 3. Purpse... 2 4. AGL Risk Cntext... 3 5. Scpe... 3 6. Objectives... 3 7. Accuntabilities...
More informationPADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700
PADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700 Plicy Title Versin Number Date Issued Critical Incident Management Plicy 2.0 Nvember 2007 Reviewed April 2010 June 2015 Definitin Critical incidents
More informationCSUSB Containment Guidelines CSUSB, Information Security Office
CSUSB, Infrmatin Security Office Last Revised: 01/30/2013 Final REVISION CONTROL Dcument Title: Authr: File Reference: CSUSB Cntainment Guidelines Javier Trner Date By Actin Pages 03/30/05 J Trner Created
More informationGeneral Records Authority 33. Accredited Training
General Recrds Authrity 33 2012/00579704 Accredited Training February 2013 This is an accurate reprductin f the authrised recrds authrity cntent, created fr accessibility purpses CONTENTS INTRODUCTION
More informationesupport Quick Start Guide
esupprt Quick Start Guide Last Updated: 5/11/10 Adirndack Slutins, Inc. Helping Yu Reach Yur Peak 908.725.8869 www.adirndackslutins.cm 1 Table f Cntents PURPOSE & INTRODUCTION... 3 HOW TO LOGIN... 3 SUBMITTING
More informationProcess of Setting up a New Merchant Account
Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am
More informationAudit Committee Charter
Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm
More informationSPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010
OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity
More informationNewborn Blood Spot Failsafe Solution (NBSFS) Operational Level Agreements. Part B: Child Health Record Department (CHRD) Users
Newbrn Bld Spt Newbrn Bld Spt Failsafe Slutin (NBSFS) Operatinal Level Agreements Part B: Child Health Recrd Department (CHRD) Users Versin 1.2 / May 2015 Uncntrlled when printed. T ensure yu have the
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationUnified Infrastructure/Organization Computer System/Software Use Policy
Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help
More informationSources of Federal Government and Employee Information
Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities
More informationProcess for Responding to Privacy Breaches
Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident
More informationBusiness Continuity Management Policy
Business Cntinuity Management Plicy Versin: 1.0 Last Amendment: Apprved by: Library Cuncil f New Suth Wales Plicy wner/spnsr: Directr, Operatins and Chief Financial Officer Plicy Cntact Officer: Senir
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationMalpractice and Maladministration Policy
TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs
More informationIT CHANGE MANAGEMENT POLICY
IT CHANGE MANAGEMENT POLICY Effective Date May 19, 2016 Crss-Reference 1. IT Operatins and Maintenance Plicy 2. IT Security Incident Management Plicy Respnsibility Apprver Review Schedule 1. Plicy Statement
More informationPROTIVITI FLASH REPORT
PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI
More informationHelp Desk Level Competencies
Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar
More informationACTIVITY MONITOR Real Time Monitor Employee Activity Monitor
ACTIVITY MONITOR Real Time Mnitr Emplyee Activity Mnitr This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it is a library
More informationSoftware and Hardware Change Management Policy for CDes Computer Labs
Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces
More informationMSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER
MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend
More informationAudit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd
Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationCHANGE MANAGEMENT STANDARD
The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the
More informationPOLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014
State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)
More informationRemote Working (Policy & Procedure)
Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer
More informationPrivacy and Security Training Policy (PS.Pol.051)
Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider
More informationProject Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES
Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care
More informationCOPIES-F.Y.I., INC. Policies and Procedures Data Security Policy
COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationSession 9 : Information Security and Risk
INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin
More informationChristchurch Polytechnic Institute of Technology Access Control Security Standard
CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin
More informationTo clarify terms used within these policies, the following definitions are provided:
Baker University Email Plicy E-mail services are prvided t the Baker cmmunity in supprt f the educatinal missin f the University and the administrative functins t carry ut that missin. Users f Baker e-mail
More informationDATA REQUEST GUIDELINES
DATA REQUEST GUIDELINES This dcument describes prcedures law enfrcement authrities and individuals invlved in civil litigatin shuld fllw t request data frm LinkedIn and its affiliated service prviders.
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationService Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S
Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...
More informationRequest for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply
Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t
More informationProfessional Leaders/Specialists
Psitin Prfile Psitin Lcatin Reprting t Jb family Band BI/Infrmatin Manager Wellingtn Prfessinal Leaders/Specialists Band I Date February 2013 1. POSITION PURPOSE The purpse f this psitin is t: Lead and
More informationSystem Business Continuity Classification
System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality
More informationHow To Write An Ehsms Training, Awareness And Competency Procedure
Envirnmental, Health & Safety Management System (EHSMS) Dcument Number: 00122 Issue Date: 05/07/2014 Training, Awareness and Cmpetency Prcedure Revisin Number: 7 Prepared By: Stalcup, Bryce Apprved By:
More informationHampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices
This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse
More informationPCI - Why You Need to be Compliant When Accepting Credit Card Payments. Agenda. Breaches in the Headlines. Breach Events & Commonalities
PCI - Why Yu Need t be Cmpliant When Accepting Credit Card Payments Tuesday, March 27, 2012 Agenda Breach Events & Cmmnalities Evlutin f PCI PCI Requirements Risks f Nn-cmpliance Industry Initiatives t
More informationMulti-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021
Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada
More informationOITS Service Level Agreement
OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer.
More informationTechnical Writing - TheUsers Visa (SHR User Accunt)
POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss
More informationInternal Audit Charter and operating standards
Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw
More informationHuman Resources Policy pol-020
Human Resurces Plicy pl-020 Versin: 2.00 Last amendment: Jul 2014 Next Review: Jul 2017 Apprved By: Cuncil Date: 04 May 2005 Cntact Officer: Directr, Office f Human Resurce Services INTRODUCTION The University
More information0820.02 Workers Disability Compensation Claims Procedures Issued: January 1, 1994 Revised: March 29, 2012
State f Michigan Administrative Guide t State Gvernment 0820.02 Wrkers Disability Cmpensatin Claims Prcedures Issued: January 1, 1994 Revised: March 29, 2012 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY:
More informationISMF Standard 141 Endpoint Protection. OCIO/S4.6 Government standard on cyber security
ISMF Standard 141 OCIO/S4.6 Gvernment standard n cyber security Prepared by: Office f the Chief Infrmatin Officer Versin: v1.0 Date: 12 September 2014 GOVERNMENT STANDARD ON CYBER SECURITY OCIO/S4.6 Cnfidentiality:
More informationDraft for consultation
Draft fr cnsultatin Draft Cde f Practice n discipline and grievance May 2008 Further infrmatin is available frm www.acas.rg.uk CONSULTATION ON REVISED ACAS CODE OF PRACTICE ON DISCIPLINE AND GRIEVANCE
More informationHeythrop College Disciplinary Procedure for Support Staff
Heythrp Cllege Disciplinary Prcedure fr Supprt Staff Intrductin 1. This prcedural dcument des nt apply t thse academic-related staff wh are mentined in the Cllege s Ordinance, namely the Librarian and
More informationTemplate on written coordination and cooperation arrangements of the supervisory college established for the <XY> Group/<A> Institution
COORDINATION AND COOPERATION ARRANGEMENTS EBA/RTS/2014/16 EBA/ITS/2014/07 Annex II Template n written crdinatin and cperatin arrangements f the supervisry cllege established fr the Grup/ Institutin
More informationDatabase Services - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and Database Services t dcument: The technlgy services Database Services prvides t the custmer. The targets fr respnse times, service
More informationCMS Eligibility Requirements Checklist for MSSP ACO Participation
ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.
More informationPOSITION NUMBER: LOCATION: Vancouver. DATE: February 2009
POSITION TITLE: Team Lead Service Centre DIVISION/BRANCH: IS/IT CURRENT CLASSIFICATION LEVEL: IS27 SUPERVISOR S POSITION NUMBER POSITION NUMBER: LOCATION: Vancuver DATE: February 2009 SUPERVISOR S TITLE/CLASSIFICATION:
More informationVersion Date Comments / Changes 1.0 January 2015 Initial Policy Released
Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance
More informationResearch Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012
Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.
More informationNYU Langone Medical Center NYU Hospitals Center NYU School of Medicine
Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff
More informationFAYETTEVILLE STATE UNIVERSITY
FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty
More informationALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015
ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY Gvernrs Cmmittee: Finance and General Purpses Apprved by Gverning Bdy n: 6 th May 2015 Signed: (Chair f Cmmittee) Signed: (Headteacher) Date t be
More informationAccident Investigation
Accident Investigatin APPLICABLE STANDARD: 1960.29 EMPLOYEES AFFECTED: All emplyees WHAT IS IT? Accident investigatin is the prcess f determining the rt causes f accidents, n-the-jb injuries, prperty damage,
More informationSTANDARDISATION IN E-ARCHIVING
STANDARDISATION IN E-ARCHIVING R E Q U I R E M E N T S A N D C O N T R O L S F O R D I G I T I S AT I O N A N D E - A R C H I V I N G S E R V I C E P R O V I D E R S Alain Wahl 1 Requirements and cntrls
More informationIf the CAP is acceptable, the serious deficiency determination for the provider is temporarily deferred.
Pat McCrry Gvernr Sent Via Email TO: FROM: Nrth Carlina Department f Health and Human Services Divisin f Public Health May 12.2014 Spnsring Organizatins f Day Care Hmes Arnette Cwan, MS, RD, LDN Supervisr,
More informationFERRIS STATE UNIVERSITY SCHOOL of NURSING CODE of CONDUCT
1 FERRIS STATE UNIVERSITY SCHOOL f NURSING CODE f CONDUCT The Schl f Nursing (SON) at Ferris State University uphlds the University Cde f Student Cnduct and the American Nurses Assciatin Cde f Ethics.
More informationSymantec User Authentication Service Level Agreement
Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed
More informationFINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.
FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept
More informationHIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337
HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders
More informationHow To Write A Disaster Recovery Plan
Dcument Preview This is nly a prtin f the entire, custmizable dcument. KEEP IN DISASTER RECOVERY PLAN and a cpy ff-site Disaster Recvery and Business Cntinuity Plan Fr Name f Cmpany Name Lcatin f Date
More informationSupervisor Competence Standard
Supervisr Cmpetence Title Reprting and Investigating Incidents, and Initial Emergency Respnse Descriptin This standard specifies the knwledge and skills required fr supervisrs t cntribute t incident reprting
More informationResearch Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012
Research Reprt Abstract: Security Management and Operatins: Changes n the Hrizn By Jn Oltsik, Senir Principal Analyst With Kristine Ka and Jennifer Gahm July 2012 2012, The Enterprise Strategy Grup, Inc.
More informationHow To Ensure That The Internet Is Safe For A Health Care Worker
POLICY Dc. Cde: IS I5 INTERNET - ACCEPTABLE USE Applicable t: MidCentral DHB Including MidCentral Health & Enable NZ Issued by: Infrmatin Systems Cntact: Manager Service Delivery 1. PURPOSE This plicy
More informationEnvironment Protection Authority
Envirnment Prtectin Authrity EPA Cmplaints Management Plicy Intrductin This plicy sets ut the purpse, principles and prcess fr hw custmer feedback, including cmplaints, will be managed in the EPA t imprve
More informationPCI Compliance Merchant User Guide
PCI Cmpliance Merchant User Guide Table f Cntents Intrductin... 5 PCI Prgram Overview... 5 PCI10 2.0 Applicatin Tl Overview... 6 Lgin Prcess... 6 Update My Prfile... 7 Frgt Yur Passwrd... 8 Welcme Pages...
More informationBIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements
BIBH Duty Statements and Gvernance chart reviewed and apprved April 2014 BIBH Executive Gvernance & Management Arrangements BIBH COMMITTEE CEO - Paul O Cnnell Executive Secretary - Brian Firth Executive
More information2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No.
HIPAA Technical Risk Security Assessment 1. Will yu be issuing additinal directins fr the frmatting f the final prpsal due Nvember 21 st? There is nt specific frmatting requirements, just submit the prpsal
More informationACTIVITY MONITOR. Live view of remote desktops. You may easily have a look at any user s desktop.
Web Develpment Offshre Develpment Outsurcing SEO ACTIVITY MONITOR This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it
More informationSERVICE DESK TEAM LEADER
1. PURPOSE OF POSITION The Service Desk Team Leader rle is respnsible fr managing the peratin f the Service Desk. This rle is crucial t ensuring custmer requirements are met in terms f cmmunicatin, priritising,
More informationIT Help Desk Service Level Expectations Revised: 01/09/2012
IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+
More informationNEW YORK STATE DEPARTMENT OF HEALTH BUREAU OF DENTAL HEALTH SCHOOL-BASED HEALTH CENTER DENTAL PROGRAM PERFORMANCE EFFECTIVENESS REVIEW TOOL (PERT)
NEW YORK STATE DEPARTMENT OF HEALTH BUREAU OF DENTAL HEALTH SCHOOL-BASED HEALTH CENTER DENTAL PROGRAM PERFORMANCE EFFECTIVENESS REVIEW TOOL (PERT) March 1, 2007 TABLE OF CONTENTS SECTION I: INTRODUCTION
More information