1 MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007
3 1.0 POLICY STATEMENT The Michigan Commission on Law Enforcement Standards (MCOLES) has created the MCOLES Information and Tracking Network (MCOLES Network) to provide criminal justice agencies with a secure and efficient system to comply with the requirements of Public Act 203 of 1965, as amended, Public Act 302 of 1982, as amended, relevant Administrative Law, and MCOLES operational policy and procedures. This security policy requires that users maintain respect for the privacy of confidential information at all times. A cooperative effort among all users is necessary to prevent misuse, eliminate the risk of liability, and promote the efficient use of the MCOLES Network as an information technology resource and service. 2.0 PURPOSE The purpose of this policy is to define and specify the requirements for access to, and use of the MCOLES Network. It also specifies the use and dissemination of information obtained from the use of the MCOLES Network. 3.0 ENTITIES AFFECTED BY THIS POLICY 3.1 All user agencies designated by the MCOLES as registered entities in the MCOLES Network. 3.2 All MCOLES Network agency operators designated as such by the user agency and authorized by the MCOLES to access the MCOLES Network for its intended purposes. 3.3 Authorized MCOLES staff. 3.4 State of Michigan system and network administrators. 3.5 Vendors responsible for system maintenance and administration under contract to the state of Michigan and the MCOLES. 3.6 MCOLES licensed law enforcement officers authorized by the MCOLES to access the MCOLES Network for its intended purposes. 3.7 All affected entities are collectively known as users for the purposes of this policy. 4.0 SECURITY ROLES AND RESPONSIBILITIES 4.1 The MCOLES shall set and maintain policies, procedures, and user guides for access, use, and security of the MCOLES Network. All MCOLES authorized users shall comply with, and remain in compliance with, the MCOLES Network security policy, procedures, system user guides, and operational memos published by the MCOLES. 1
4 4.2 The MCOLES staff shall enforce the MCOLES Network security policy, procedures, system user guides, and published operational memos. This shall be done by conducting field inspections of MCOLES Network user sites as provided for in administrative law and in this policy. 4.3 The MCOLES is responsible for MCOLES Network security control. Security control includes, but is not limited to, establishing and implementing policies, procedures, system user guides, and operational memos governing: operation of the MCOLES Network creation and submission of information dissemination and use of information obtained from the MCOLES Network retention and disposal of information obtained using the MCOLES Network referral of violations to the appropriate Prosecuting Attorney 4.4 Total network security is the shared responsibility of all MCOLES Network users. 5.0 SECURITY REQUIREMENTS 5.1 The user agency head must agree to the requirements of this security policy by completing and submitting a User Agency Agreement before access will be granted to the agency. 5.2 User agencies shall be responsible for the security of and access to the MCOLES Network and information obtained using the Network. This includes all information that is viewed, printed, or submitted to the MCOLES using the Network. 5.3 User agencies shall be responsible for ensuring the secure operation of the local network workstation, stand-alone personal computer, or laptop computer used to access the MCOLES Network. Operating practices, that expose the MCOLES Network to security incidents, may be cause for revocation of user access rights. 5.4 Requests for access rights for individual agency operators shall only be made by the user agency head or the agency head s designated single point of contact. 5.5 Requests made by a designated user agency single point of contact shall only be accepted after written notice of such designation from the user agency head has been received and verified by the MCOLES. 5.6 An Operator Agreement is required for each agency employee for whom the user agency head is seeking MCOLES authorization to access the Network on behalf of the agency. Each applicant for agency operator access must disclose all information relevant to compliance with the MCOLES Network security policy. 5.7 A Law Enforcement Officer Access Agreement is required for each MCOLES licensed law enforcement officer who is seeking MCOLES authorization to access the MCOLES Network. Each applicant for officer access must disclose all information relevant to compliance with the MCOLES Network security policy. 2
5 5.8 Access shall not be requested or granted if the user is a fugitive from justice, has pending charges, or has ever been convicted of: Any felony or any offense punishable by more than 1 year Any crime involving fraud or misappropriation Any crime of misuse of computer systems or information 5.9 If a determination is made by MCOLES that MCOLES Network access by the applicant would not be in the public interest, such access will be denied. The applicant s user agency, or the individual officer, shall be notified in writing of the access denial The user agency head must report any changes in the status of agency operators or change in user agency head within three working days of the change becoming effective Users who are charged or convicted of any of the items in 5.8 above after obtaining secure access to the MCOLES Network must be reported to the MCOLES. This may result in revocation of MCOLES Network access rights Users shall access the MCOLES Network only for those purposes and to the extent for which they are authorized in the applicable Agreement. Sanctions for access violations may be applied to the agency operator, user agency, or law enforcement officer Users shall maintain the security of their own unique user ID and password. These codes are issued only by MCOLES to each authorized user and cannot be shared by the user. Users may only access the MCOLES Network with the ID and password issued to them. User agency members not specifically authorized by the MCOLES as agency operators shall not be allowed to access the MCOLES Network for purposes of conducting agency business with the MCOLES Specific physical security standards shall be met where users access the MCOLES Network. The site at which a computer is being used to access the MCOLES Network shall have adequate physical security to protect against any unauthorized viewing or access to the system. Such sites shall include any location where users operate a personal computer, laptop computer, or network workstation to access the MCOLES Network Users shall log out of the MCOLES Network when leaving a computer or workstation not located within a secure area of the user agency s facilities. This requirement includes fully closing the browser window that was opened to access the MCOLES Network Agency operators must blank the screen of the personal or laptop computer or a network workstation in a secure area at the user agency site when the agency operator is away from the computer or workstation. At a minimum, this shall be done by use of a password-protected screensaver. 3
6 5.17 The use of a wireless connection is allowed provided 128 bit encryption is utilized for data transmission from the wireless computer to the Internet connection Users shall immediately implement any updates, additions, or revisions to policies, procedures, system user guides, or operational memos published by the MCOLES 6.0 DISSEMINATION OF MCOLES NETWORK INFORMATION 6.1 The information submitted to and maintained in the MCOLES Network is documented criminal justice information and shall be protected to ensure correct, legal, and efficient dissemination and use. 6.2 An authorized agency operator receiving a request to submit information to the MCOLES Network, or produce information using the MCOLES Network, shall ensure that the person requesting the information is authorized to receive the information. An unauthorized request for, or receipt of such material may result in criminal proceedings. Authorized use of MCOLES Network information is governed by Public Act 203 of 1965, as amended, Public Act 302 of 1982, as amended, related administrative law, and MCOLES policy. 6.3 Information obtained from the MCOLES Network and documents produced by the use of the MCOLES Network shall be used only for the purpose for which that request was made. Upon request by MCOLES Network administrators or MCOLES inspectors, user agencies and individual agency operators must provide a valid reason for all inquiries. Access to the MCOLES Network may be revoked if information is disseminated to persons without authority to receive it. Authority to receive MCOLES Network information may extend to the user agency, employing governmental unit, or service providers under contract to the user agency. 6.4 Documents produced by use of the MCOLES Network shall be maintained in a secure records environment. 6.5 All unauthorized dissemination of information obtained from the MCOLES Network is prohibited. 7.0 MCOLES NETWORK SITE INSPECTIONS 7.1 All user agencies having access to the MCOLES Network shall be subject to MCOLES inspections. This includes, but is not limited to, making appropriate inquiries with regard to the proper operation of the MCOLES Network in compliance with controlling statutes, administrative law, this security policy, MCOLES policies and procedures, system user guides, and operational memos. 7.2 All user agencies having access to the MCOLES Network shall permit MCOLES staff to conduct appropriate inquiries with regard to allegations of security violations. 4
7 8.0 SANCTIONS 8.1 Failure to comply with all of the security requirements of this policy and user agreements may result in revocation of all access rights to the MCOLES Network and/or other penalties, including criminal prosecution. 8.2 Failure by a user agency or a user to comply with the disclosure requirements of this policy, the User Agency Agreement, the Operator Agreement, or the Law Enforcement Officer Access Agreement at the time of application for MCOLES Network security access, may result in revocation of all access rights to the MCOLES Network and/or other penalties, including criminal prosecution. This includes but is not limited to concealment or failure to disclose charging or conviction information. 5
9 APPENDIX A: DEFINITIONS The terms and definitions found within this document are to be considered in the context of their applicability to the MCOLES Network security policy. Alternate definitions may exist for environments outside of this policy. Access: Opportunity to make use of the MCOLES Network. The ability to have contact with a computer or network workstation from which a transaction may be initiated. Access Control: Procedures and controls that limit or detect access to critical information resources. Access Device: The end user medium that is used to access the MCOLES Network. Access Level: The hierarchical portion of the security level used to identify the sensitivity of data and the clearance or authorization of users. Agency Operator: an individual employee of a user agency identified by the user agency head or designated single point of contact as a trusted individual who has been authorized by the MCOLES to access the MCOLES Network. Authenticate: Establishing the validity of a claimed user or object. Authentication: To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system. The proof of the unique alphanumeric identifier used to identify an authorized user. Authorization: The process of MCOLES review of a user application to determine what activities a user is permitted to perform. A user may be authorized for multiple types of use or activity. Technical controls may be implemented to determine authorized actions, but may not fully define or restrict the scope as specified in organizational policy, procedure, or law. Authorized Access: The ability to perform an authorized transaction or have access to MCOLES Network information that is otherwise prohibited by organizational policy or law. Chief Administrative Officer: The head of a political subdivision; e.g. mayor, chairman of the board of commissioners, city manger, village president, or township supervisor. This will be the sheriff if only employees of the sheriff s office access the MCOLES Network. Computer: A machine that can be programmed in code to execute a set of instructions (program). In an automated information system, the term computer also refers to the components inside the case: the motherboard, memory chips, and internal storage disk(s). Computer Security: Measures and controls that ensure confidentiality, integrity, and availability of computer assets, including, but not limited to, hardware, software, firmware, and information being processed, stored, and communicated. Confidential Information: Information maintained by state and local agencies that are A-1
10 exempt from disclosure governed by state or federal laws. The controlling factor for confidential information is dissemination. Confidentiality: Assurance that information is not disclosed to unauthorized persons, processes, or devices. Confidentiality Protection: Requirement of access controls such as user ID/passwords, terminal identifiers, restrictions on actions like read, write, delete, etc. Examples of confidentiality-protected information are personnel, financial, and proprietary information. Criminal Justice Agency: The courts, a governmental agency, or any sub-unit of a governmental agency which performs the administration of criminal justice pursuant to a statute or executive order and which allocates a substantial part of its annual budget to the administration of criminal justice. State and federal inspectors general offices are included. Criminal Justice Training Provider: A criminal justice agency, city, county, township, village, community college, university, state agency, corporation, or individual approved by the Michigan Commission on Law Enforcement Standards to offer training to law enforcement other than the basic law enforcement training curriculum.. Data Integrity: The validity, timeliness, accuracy, and completeness of records. Denial of Service: The result of any action or series of actions that prevents the MCOLES Network from providing information or other services to authorized users. Dial-Up: TThe service whereby a computer terminal can use the telephone to initiate and effect communication with a computer. Dial-Up Access: Access to system resources via a telephone line and a modem device. Dial-Up Line: A communications circuit that is established by a switched-circuit connection using the telephone network. Disclosure: Access to confidential or sensitive information. Field Inspection: The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures. Information Security: The result of any system of policies and/or procedures for identifying, controlling, and protecting from unauthorized disclosure or dissemination of information whose protection is authorized by executive order or statute. Inspector: Individual authorized by MCOLES to inspect MCOLES Network user agency sites and records. Internet: A global system interconnecting computers and computer networks. The A-2
11 computers and networks are owned separately by a host of organizations, government agencies, companies, and colleges. Management Control: The authority of MCOLES to set and enforce all of the following: (1) Priorities; (2) Standards for the selection, supervision and termination of user access to the MCOLES Network; and (3) Policy governing the operation of computers used to access information insofar as the equipment is used to process, store, or transmit any received information and includes the supervision of equipment, systems design, programming, and operating procedures necessary for the development and implementation of the MCOLES Network. MCOLES Network: The MCOLES Information and Tracking Network. A web-based information system used by authorized users to conduct business related to the mandates of the MCOLES. Michigan Commission on Law Enforcement Standards (MCOLES): The commission formed by Michigan Executive Directive , which combined the Commission on Law Enforcement Standards, created by Act No. 203 of the public Acts of 1965 and the Michigan Justice Training Commission, created by Act No. 302 of the Public Acts of Modem: Acronym for modulator-demodulator. A device or application that permits a computer to transmit data over telephone lines by converting digital data to an analog signal. Network: A collection of computers and other devices that is able to communicate or interchange information with each other over a shared wiring configuration. Such components may include automated information systems, packet switches, telecommunications controllers, key distribution centers, and technical control devices. Network workstation: A computer or other access device connected with a user agency network allowing the agency operator to access the Internet. Operator Agreement: A current, signed written agreement with the appropriate signatory authorities that will authorize the provision of said access set forth within the agreement. The agreement refers to the necessary security-related provisions therein. Password: A protected word or string of characters which, in conjunction with a user identifier (user ID), serves as authentication of a person's identity when accessing the MCOLES Network. Physical Security: The measures used to provide physical protection of resources against deliberate and accidental threats. The protection of building sites and equipment and information and software contained therein from theft, vandalism, natural and manmade disasters, and accidental damage. A-3
12 Point of Contact (POC): The user agency individual identified as the security point-ofcontact (POC) for access to the MCOLES Network. Recognized Basic Law Enforcement Training Academy: An agency or institution that is approved by the Michigan Commission on Law Enforcement Standards to offer the basic police training program. Registered Entity: a criminal justice agency or a criminal justice training provider identified in the MCOLES Network as a user agency. Related agency: an agency within the governmental unit of the user agency with whom the user agency must exchange sensitive information in order to fulfill legal mandates. Remote Access: Use of modem and communications software to connect to a computer network from a distant location via a telephone line or wireless connection. Security Control: Hardware, programs, procedures, policies, system user guides, operational memos and physical safeguards that are put in place to assure the integrity and protection of information and the means of processing it. The ability of the MCOLES to set, maintain, and enforce standards for the selection, supervision, and termination of personnel and policy governing the operation of computers, access devices, circuits, hubs, routers, firewalls, and other components that make up and support the MCOLES Network. Related means used to process, store, or transmit criminal justice information, guaranteeing the priority, integrity, and availability of service needed by the criminal justice community. Security Incident: Any act or circumstance that involves MCOLES Network data that deviates from the requirements of the MCOLES Network security policy or state and federal governing statutes, e.g., compromise, possible compromise, inadvertent disclosure, and deviation. Security Requirements: Types and levels of protection necessary for a system to maintain an acceptable level of security. Security Measures: Protective safeguards and controls that are prescribed to meet the security requirements specified for an automated information system. These safeguards may include, but are not necessarily limited to, hardware and software security features; operation procedures; accountability procedures; access and distribution controls; management constraints; personnel security; and physical structures, areas, and devices. Sensitive Information: Information maintained by agencies that require special precautions to protect it from unauthorized modification or deletion. Sensitive information may be either public or confidential. The controlling factor for sensitive information is that of integrity. Service Provider: An entity that provides screening, research, testing background investigation or other services for a user agency or the user agency s governmental unit. Single Point of Contact: One designated individual responsible for direct communication with the user agency regarding security and other interactions with the MCOLES Network. A-4
13 Standalone System or computer: A system or single computer that is physically and electronically isolated from all other systems and computers. It has no internal network connections and has no ability to share information between a secure and non-secure environment. It is intended to be used by one person at a time, with no data belonging to other users remaining available to the system. System Integrity: Optimal functioning of the MCOLES Network, free from unauthorized impairment or manipulation. Unauthorized Access: Obtaining access to an area, system, or resource that has been designated for authorized personnel only without such authority expressly conveyed by written agreement. Obtaining access which exceeds such expressed authority. User Agency: An authorized Michigan criminal justice agency, basic law enforcement training academy, or criminal justice training provider which has been authorized by the Michigan Commission on Law Enforcement Standards through an executed User Agency Agreement to access the MCOLES Network to exchange information with MCOLES. User Agency Agreement: A current, signed written agreement with the appropriate signatory authorities that will authorize the provision of said access set forth within the agreement. The agreement refers to the necessary security-related provisions therein. User Agency Head: The chief, sheriff, director, president, CEO, or acting agency head of a user agency. When the user agency head position is vacant the chief administrative officer of the local governing unit shall be considered the user agency head. This shall be the undersheriff in a sheriff s office if only sheriff s employees access the MCOLES Network. Wireless: A telecommunication path that does not require a landline infrastructure. A-5
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
SHP-570A 1/14 SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD For NON-CHANNELERS The goal of this document is to provide adequate security and integrity for criminal history record information (CHRI)
Appendix A: Rules of Behavior for VA Employees Department of Veterans Affairs (VA) National Rules of Behavior 1 Background a) Section 5723(b)(12) of title 38, United States Code, requires the Assistant
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
`DEPARTMENT OF VETERANS AFFAIRS VA SOUTHEAST NETWORK Automated Information System User Access Notice I understand, accept, and agree to the following terms and conditions that apply to my access to, and
United States Department of Agriculture Marketing and Regulatory Programs Grain Inspection, Packers and Stockyards Administration Directive GIPSA 3140.5 11/30/06 WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION
TITLE 78 - NEBRASKA COMMISSION ON LAW ENFORCEMENT AND CRIMINAL JUSTICE CHAPTER 3 - PROCEDURES FOR STORAGE AND DISSEMINATION OF CRIMINAL HISTORY RECORD INFORMATION 001 Purpose - To insure that each criminal
IT Security Standard: Remote Access to Bellevue College Systems Introduction This standard defines the specific requirements for implementing Bellevue College policy # 5250: Information Technology (IT)
Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 1 Policy Title: Information Privacy and Security Management Process IDENT INFOSEC1 Type of Document:
Ch. 601 AUTOMATED CRIMINAL JUSTICE 37 601.1 PART VIII. AUTOMATED CRIMINAL JUSTICE INFORMATION SYSTEMS Chap. Sec. 601. AUTOMATED CRIMINAL JUSTICE INFORMATION SYSTEMS STATEMENT OF POLICY... 601.1 CHAPTER
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
803 CMR 7.00: CRIMINAL JUSTICE INFORMATION SYSTEM (CJIS) Section 7.01: Purpose and Scope 7.02: Definitions 7.03: Criminal Justice Agency (CJA) Access to Criminal Justice Information System (CJIS) 7.04:
Pierce County Policy on Computer Use and Information Systems Pierce County provides a variety of information technology resources such as computers, software, printers, scanners, copiers, electronic mail
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. email@example.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.
OFFICE OF THE CHIEF INFORMATION OFFICER REMOTE ACCESS POLICY OCIO-6005-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section I. PURPOSE II. AUTHORITY III.
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
Lawrence Police Department Administrative Policy SUBJECT Criminal Justice Information System (CJIS) APPLIES TO All Personnel EFFECTIVE DATE REVISED DATE August 2013 APPROVED BY Chief of Police TOTAL PAGES
KRS Chapter 61 Personal Information Security and Breach Investigations.931 Definitions for KRS 61.931 to 61.934. (Effective January 1, 2015).932 Personal information security and breach investigation procedures
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
Policy for the Acceptable Use of Information Technology Resources Purpose... 1 Scope... 1 Definitions... 1 Compliance... 2 Limitations... 2 User Accounts... 3 Ownership... 3 Privacy... 3 Data Security...
Fingerprint-Based Background Check Responsibilities for Non-Criminal Justice Agencies and Users Version 1.2 Hawaii Criminal Justice Data Center March 20, 2014 Table of Contents Table of Contents... 2 I.
PBGC Information Security Policy 1. Purpose. The Pension Benefit Guaranty Corporation (PBGC) Information Security Policy (ISP) defines the security and protection of PBGC information resources. 2. Reference.
THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK SECURITY AND THEFT OF DATA COVERAGE APPLICATION Name of Insurance Company to which application is made NOTICE: THIS POLICY PROVIDES CLAIMS MADE COVERAGE.
Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS 1. Purpose This directive establishes the Department of Homeland
To view the complete Information and Security Policies and Procedures, log into the Intranet through the IRSC.edu website. Click on the Institutional Technology (IT) Department link, then the Information
HIPAA: In Plain English Material derived from a presentation by Kris K. Hughes, Esq. Posted with permission from the author. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub.
Technical Monograph C.T. Hellmuth & Associates, Inc. Technical Monographs usually are limited to only one subject which is treated in considerably more depth than is possible in our Executive Newsletter.
Privacy Impact Assessment Of the Office of Inspector General Information Technology Infrastructure Systems Program or application name: Office of Inspector General Information Technology Infrastructure
State of Illinois Illinois State Police LEADS AGREEMENT Please check the box that applies: [ ] New Agreement (New LEADS Agency) [ ] Agency Chief Administrator Name Change [ ] Added Agreement Addendum (refer
Sample Policies for Internet Use, Email and Computer Screensavers In many of its financial management reviews, the Technical Assistance Section has encouraged municipalities to develop and adopt policies
Information & Technology Services Management & Security Principles & Procedures Executive Summary Contact: Henry Torres, (870) 972-3033 Background: The Security Task Force began a review of all procedures
July 21, 2015 MEMORANDUM To: From Subject: All Users of DCRI Computing Equipment and Network Resources Eric Peterson, MD, MPH, Director, DCRI Secure System Usage The purpose of this memorandum is to inform
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
Privacy Impact Assessment for the Standardized Tracking and Accounting Reporting System- Financial Management System (STARS-FMS) United States Marshals Service Contact Point William E. Bordley Associate
Use of ESF Computing and Network Resources Introduction: The electronic resources of the State University of New York College of Environmental Science and Forestry (ESF) are powerful tools, shared among
1 L.R.O. 2001 Electronic Transactions CAP. 308B CHAPTER 308B ELECTRONIC TRANSACTIONS ARRANGEMENT OF SECTIONS SECTION PART I Preliminary 1. Short title. 2. Interpretation. 3. Non-application of Parts II
SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD The goal of this document is to provide adequate security and integrity for background check information while under the control or management of an
POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University
Brooklyn Community Services Policies and Compliance Guide relating to the HIPAA Security Rule June 2013 Table of Contents INTRODUCTION... 3 GUIDE TO BCS COMPLIANCE WITH THE HIPAA SECURITY REGULATION...
United States Department of Agriculture Marketing and Regulatory Programs Animal and Plant Health Inspection Service Directive APHIS 3140.3 5/26/2000 APHIS INTERNET USE AND SECURITY POLICY 1. PURPOSE This
Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Information Security Incident Response Part 1. Purpose. This guideline establishes the minimum requirements for Information
PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009 Current Laws: A person commits the offense of identity theft
ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT THIS AGREEMENT ( Agreement ) is made and entered into this day of, 20, by and between Franciscan Health System ( Hospital ), and ( Community Partner ). RECITALS
Information Security Section: General Operations Title: Information Security Number: 56.350 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE DATE OF POLICY.140
Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong
SOCIAL SECURITY NUMBER PRIVACY ACT (EXCERPT) Act 454 of 2004 445.81 Short title. Sec. 1. This act shall be known and may be cited as the "social security number privacy act". 445.82 Definitions. Sec. 2.
GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving
1.0 PURPOSE To establish a policy to ensure the proper use of Coppin State University s computer and network resources and services by its employees, students, independent contractors and other computer
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information
BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY TABLE OF CONTENTS Chapter Title Page 1 Introduction 1 2 Definitions 2 3 General Roles and Responsibilities 4 4 Sensitive Data
Information Assurance Policy for Information Systems 1. Purpose... 3 2. Goals... 3 3. Applicability... 4 4. Compliance... 4 5. Roles & Responsibilities... 4 5.1. All Departments...4 5.2. FCT Information
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION Please Note: 1. THIS IS NOT A ONE-SIZE-FITS-ALL OR A FILL-IN-THE BLANK COMPLIANCE PROGRAM.
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
Senate Bill No. 38 Committee on Transportation and Homeland Security CHAPTER... AN ACT relating to criminal records; creating the Records and Technology Division of the Department of Public Safety; enumerating
FBI CJIS SECURITY ADDENDUM The following is an expanded version of the FBI Criminal Justice Information Services (CJIS) Security Addendum. This document was created in order to assist Texas agencies and
COLORADO IDENTITY THEFT RANKING BY STATE: Rank 8, 89.0 Complaints Per 100,000 Population, 4328 Complaints (2007) Updated November 28, 2008 Current Laws: A person commits identity theft if he or she: Knowingly
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
CITY OF BOULDER *** POLICIES AND PROCEDURES CONNECTED PARTNER EFFECTIVE DATE: SECURITY POLICY LAST REVISED: 12/2006 CHRISS PUCCIO, CITY IT DIRECTOR CONNECTED PARTNER SECURITY POLICY PAGE 1 OF 9 Table of
This document is scheduled to be published in the Federal Register on 02/11/2016 and available online at http://federalregister.gov/a/2016-02788, and on FDsys.gov Billing Code: 5001-06 DEPARTMENT OF DEFENSE
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
Rev. 4/2015 Commercial Internet Banking Agreement and Disclosures 1. Coverage. This Agreement applies to your use of our commercial Internet Banking Service, which permits you to access your accounts with
Federal Bureau of Prisons Privacy Impact Assessment for the Forensic Laboratory Issued by: Sonya D. Thompson, Senior Component Official for Privacy, Sr. Deputy Assistant Director/CIO Approved by: Erika
MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009 Current Laws: Identity Crime: A person is guilty of identity
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
THE BUDAPEST STOCK EXCHANGE LTD. REGULATIONS ON THE USE OF REMOTE TRADING Date and reference no. of approval/modification resolutions by the Board of Directors: Date and reference no. of approval by Supervisory
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY INTERIM MAINTENANCE PROCEDURES V1.8 JULY 18, 2012 1. PURPOSE The purpose of this procedure
HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the
7 Security Standards: Implementation for the Small Provider What is the Security Series? The security series of papers provides guidance from the Centers for Medicare & Medicaid Services (CMS) on the rule
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed