UNCLASSIFIED. ICT Document No. WhoG-122. Version 1.3. Approved by Executive Director, Shared Services ICT. September 2014 UNCLASSIFIED
Remote Access to the ACT Government Information and Communications Technology (ICT) Environment Policy

Version 1.3, September 2014
Approved by Executive Director, Shared Services ICT, September 2014

Shared Services ICT Quality Management System
Security Management
Contents

Purpose
Scope
Introduction
Policy
  Access
    Individual ACT Government employees
    Remote sites
    Trusted third parties/vendors
  Approval process
  Dispute resolution
  Security
  Monitoring and logging
  Use of non-shared Services ICT equipment
  Support arrangements
    Technical support
  Documentation
  Evaluation measures
Associated Documents
Roles and Responsibilities
Compliance
Contact Officer
Appendix A
  Glossary
  Metadata
  Amendment history

Date issued: September 2014 Version: 1.3
Purpose

The intention of this policy is to ensure that the provision and use of remote access to the ACT Government ICT Environment is appropriately managed.

Scope

This policy:
- supplements the provisions of the ICT Security Policy
- references the Acceptable Use of ICT Resources Policy
- applies to all ACT Government Directorates, including contracted service providers
- applies to all ICT resources (see definitions below) and electronic information held on those assets.

This policy does not address any human resource or personnel management issues associated with remote access. Information on these issues can be found in the Public Sector Management Best Practice Note 6.3 Management: Home Based Work and from the Directorate Personnel section.

Introduction

This policy is consistent with and must be implemented in accordance with the:
- ACT Government Purchasing Policy and Principles Guidelines
- Public Sector Management Best Practice Note 6.3 Management: Home Based Work
- ACT Government policies, guidelines and standards, in particular the:
  o ICT Security Policy and
  o Acceptable Use of ICT Resources Policy
- processes and procedures prepared by Shared Services ICT
- Directorate policies and guidelines in relation to particular ICT resources.

Policy

1. Access

Remote access can be granted to the ICT environment as follows:

1.1 Individual ACT Government employees

A default level of access will be provided to a minimum subset of systems, e.g. to access Microsoft Office applications, Outlook and calendar and the file servers (G, H and W drives). Business Applications requests for remote access will be assessed on a case by case basis. Remote access will only be permitted where access controls can be implemented that are appropriate to address any identified threats and risks.
1.2 Remote sites

For sites where a permanent WAN connection may not be viable or appropriate, requests for remote access to the ICT environment will be assessed on a case by case basis. Remote access by remote sites must be:
- controlled for time periods mutually agreeable to the directorate/business unit and Shared Services ICT
- configured so that work is performed with the minimum level of permissions.

1.3 Trusted third parties/vendors

Requests for remote access to the ICT environment by trusted third parties/vendors will be assessed on a case by case basis where a demonstrated business need exists. Remote access by trusted third parties/vendors must be:
- Controlled. The default remote access for trusted third parties/vendors must be for specific limited access, not for open access
- for time periods mutually agreeable to the Directorate, Shared Services ICT and the trusted third party/vendor
- contractually based, legally enforceable and in accordance with established ACT Government business processes
- approved by Shared Services ICT where the access, or work to be undertaken, affects the ICT environment domain
- configured so that the minimum level of permissions is granted for access to components and sub systems (e.g. database, file systems, applications) and work is performed with the minimum level of permissions
- Documented in the System Security Plan.

2. Approval process

Approval is subject to:
- a demonstrated business need
- the availability of an appropriate technical solution
- a threat and risk assessment together with risk mitigation strategies agreed to by all stakeholders
- the completion of a Clearance and Approval Form
- any persons or parties receiving remote access signing a remote access acceptance agreement
- contractually based and legally enforceable arrangements are made with trusted third parties/vendors where appropriate
- All FORMS are signed with copies provided to Shared Services ICT Security PRIOR to the provision of the service.

3. Dispute resolution

Where any involved parties (including Shared Services ICT) are unable to reach agreement, they may seek mediation by the Whole-of-Government IM/ICT Committee.
4. Security

Remote access to the ICT environment must not compromise the security or integrity of the ICT environment; an ICT resource; or any information residing on an ICT resource in accordance with the provisions of the ICT Security Policy. Refer to paragraph 2 above.

5. Monitoring and logging

All remote access activities are monitored and logged in accordance with the provisions of the ICT Security Policy and the Acceptable Use of ICT Resources Policy and in compliance with the ACT Workplace Privacy Act.

6. Use of non-shared Services ICT equipment

Connections to ACTGOV should be initiated from computer hardware that is under the control or ownership of the individual or Directorate authorised to access the service.

Where agencies allow the use of non-shared Services ICT computers for remote access, Directorates must notify users:
- about issues of security, taxation, protection of network and occupational health and safety as detailed in the Public Sector Management Best Practice Note 6.3 Management: Home Based Work, and
- that the ACT government will not accept any liability for damage or failure to privately owned equipment used for remote access.

7. Support arrangements

7.1 Technical support

Shared Services ICT will:
- develop the ACT Government Remote Access Standard
- develop, support and maintain the approved remote access solutions and associated infrastructure
- negotiate service level agreements and other support agreements with agencies specifying services, technical requirements and fees applicable to the remote access arrangements.

8. Documentation

The documentation required to assist users of remote access services includes:
- user documentation developed and documented by Shared Services ICT
- a remote access acceptance agreement
- an acceptable use statement
- confidentiality and non-disclosure agreements for ALL 3rd party staff or at contract level whichever is appropriate
- Police records checks for all 3rd party personnel accessing systems that are deployed in an education environment involving minors.
The documentation required to assist directorates apply for remote access includes: a "Clearance and Approval" form and processes procedures developed and documented by Shared Services ICT

9. Evaluation measures

This policy will be reviewed annually.

Associated Documents

- ACT Government Purchasing Policy and Principles Guidelines
- ACT Government Remote Access Standard
- The Public Sector Management Best Practice Notes
- ACT Government Policies, Guidelines and Standards
- Processes and procedures prepared by Shared Services ICT

Roles and Responsibilities

Role: Agencies
Responsibilities:
- Identify a business need;
- Develop an appropriate remote access technical solution in consultation with Shared Services ICT.
- Conduct an agency discrete assessment of specific or general threats and risks associated with remote access, and put in place risk mitigation steps or strategies.
- Ensure necessary arrangements have been implemented for the protection of sensitive information, security and privacy in compliance with ACT Government policies, standards and guidelines;
- Complete a clearance and approval or business case for determination by the Director General or the Director General's authorised delegate
- Ensure that trusted third parties/vendors responsibilities and obligations regarding remote access are addressed in contracts and legally enforceable arrangements.

Role: Shared Services ICT
Responsibilities:
Shared Services ICT's roles, deliverables and associated costs are defined contractually in the Service Level Agreements (SLAs) and other support agreements. Shared Services ICT will:
- Provide agencies with information about threats, risks and mitigation strategies that are relevant to the agency Threat and Risk Assessment.
- Provide minimum hardware specifications to all remote access users.
- Develop, in consultation with agencies, appropriate remote access technical solutions;
- Develop, in consultation with agencies, procedures and guidelines for accessing the Remote Access Infrastructure.

Role Responsibilities
- Distribute, review and revise this policy as necessary.
- Provide advice.
- Provide transitional policy support including
- Provide assistance with the completion of TRA and Risk Mitigation templates.
- Advise whether the TRA has identified all stakeholders and all major whole of government risks.
- Approve the satisfactorily completed Clearance and Approval Form with supporting TRAs and risk mitigation.
- Provide mediation when requested.

Compliance

If, as a result of an audit or other circumstance, an agency is found to have not complied with this Policy, the appropriate Director General will be informed with details of noncompliance in writing.

Contact Officer

For any queries about this Policy, contact the Shared Services ICT Policy Office.
Appendix A

Glossary

Term: ICT Environment
Definition: The ICT technologies utilised to conduct ACT Government business. The ICT environment can be categorised as the operational, production or test domains.

Term: ICT Resources
Definition: All ACT Government ICT networks, equipment, systems and applications (e.g. hardware and software), , the Internet and Internet .

Term: Remote Access
Definition: The ability to get access to a computer or a network from a remote distance

Term: Remote sites
Definition: A normal place of work for ACT Government employees that is not connected to the ACTGOV network.

NOTE: Other terms may be found in the Shared Services ICT Glossary of Terms.

Metadata

Owner: Senior Manager, Shared Services ICT Security
Document location:
Review cycle: This policy should be reviewed every 24 months or when conditions significantly change, whichever is the shorter.

Note: This is a CONTROLLED document. Any documents appearing in paper form are not controlled and should be checked against the intranet version prior to use.

Amendment history

Ver no. Issue date Amendment details Author Approval
1.0 Dec 2001 Initial release. ACTIM Supported by ISG & IMCC, endorsed by ACTIS Mgt Board, approved by CE CMD
/11/2006 Minor revision Policy Office Endorsed by Policy Review Group - Oct
May 2012 Revision due to restructure of Shared Services ICT. Minor changes to reflect Auditor general findings.
1.3 September Add Bolden Jame Privacy Act 1988 to Information Privacy Act Kerry Webb Peter Major, Greg Tankard Executive Director, Shared Services ICT Executive Director Shared Services ICT Executive
Cosmetic changes responsible for ICT Security
More informationGUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK
GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK This Guideline does not purport to be a definitive guide, but is instead a non-exhaustive
More informationTechnical Help Desk Terms of Service
Technical Help Desk Terms of Service This esecuritel Technical Help Desk Terms of Service (the Agreement ) is provided in connection with the eligible tablet enrolled in either the Advanced Protection
More informationNegotiating the cloud legal issues in cloud computing agreements
Negotiating the cloud legal issues in cloud computing agreements Better Practice Guide JULY 2012 AGIMO is part of the Department of Finance and Deregulation Contents Introduction 3 Overview of cloud computing
More informationWe released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions
We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions SCHEDULE 4 KEY PERFORMANCE INDICATORS, SERVICE LEVELS AND
More information2.0 RECOMMENDATIONS Members of the Committee are asked to note the information contained within this report.
REPORT TO: SCRUTINY COMMITTEE 25 JUNE 2013 REPORT ON: REPORT BY: INTERNAL AUDIT REPORTS CHIEF INTERNAL AUDITOR REPORT NO: 280-2013 1.0 PURPOSE OF REPORT To submit to Members of the Scrutiny Committee a
More informationINTERNATIONAL ASSOCIATION OF CHIEFS OF POLICE. Guiding Principles on Cloud Computing in Law Enforcement
INTERNATIONAL ASSOCIATION OF CHIEFS OF POLICE Guiding Principles on Cloud Computing in Law Enforcement Cloud computing technologies offer substantial potential benefits to law enforcement and government
More informationService Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365
1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service
More informationDomain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services
Service Level Agreement Page 1 of 7 Domain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services 1. Agreement This agreement is to define Domain Name Service (DNS) provided
More informationGlendale Community College Microsoft Office SharePoint Server 2007 Initiative Vision/Scope Document. Version 1.0
ware Architects, Inc. Proposal to XXXXX Date Glendale Community College Microsoft Office SharePoint Server 2007 Initiative Vision/Scope Document Software Architects, Inc. Proposal to XXXXX Date Version
More informationAUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES
AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by
More informationPATCH MANAGEMENT POLICY IT-P-016
IT-P-016 Date: 28 th March, 2016 Stamford International University ( STIU ) Patch Management Policy Rationale Stamford International University ( STIU ) is responsible for ensuring the confidentiality,
More informationINTERNATIONAL ASSOCIATION OF CHIEFS OF POLICE. Guiding Principles on Cloud Computing in Law Enforcement
INTERNATIONAL ASSOCIATION OF CHIEFS OF POLICE Guiding Principles on Cloud Computing in Law Enforcement Cloud computing technologies offer substantial potential benefits to law enforcement and government
More informationThird Party Identity Services Assurance Framework. Information Security Registered Assessors Program Guide
Third Party Identity Services Assurance Framework Information Security Registered Assessors Program Guide Version 2.0 December 2015 Digital Transformation Office Commonwealth of Australia 2015 This work
More informationECH Inc POSITION DESCRIPTION. 3. Classification: As per contract negotiated with the incumbent
ECH Inc POSITION DESCRIPTION 1. Position title: Manager Retirement Living 2. Accountable to: Manager Independent Retirement Living 3. Classification: As per contract negotiated with the incumbent 4. Position
More informationBIG LOTTERY FUND Document archive and retention policy
BIG LOTTERY FUND Document archive and retention policy December 2010 Sonia Howe Head of Information Governance For further information regarding retention schedules please contact Page 1 of 18 Version
More informationIBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing
IBM Global Technology Services Statement of Work for IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing The information in this Statement of Work may not be disclosed
More information[Example] Social Media Acceptable Use Policy
[Example] Social Media Acceptable Use Policy Overview The [agency] recognises that there are legitimate business and personal reasons for using social media at work or using corporate computing resources.
More informationIT ACCESS CONTROL POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationDundalk Institute of Technology. Outsourcing/Third Party Access Policy. Version 1.1
Dundalk Institute of Technology Outsourcing/Third Party Access Policy Version 1.1 1 Document Location..\DkIT_Policy_Documents\Policies Revision History Date of this revision: Date of next review: Version
More informationDaltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual
Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That
More information