INFORMATION MANAGEMENT AND SECURITY POLICY
|
|
- Poppy George
- 7 years ago
- Views:
Transcription
1 INFORMATION MANAGEMENT AND SECURITY POLICY Technology Department 2016
2 Table of Contents 1. INTRODUCTION Preamble Objectives Scope LEGAL FRAMEWORK GUIDING PRINCIPLES Management and protection of information assets Reporting incidents Intellectual or legal property rights Protection of confidential information Continuity of the Organization's activities Training and awareness building Right of oversight ACCOUNTABILITY FOR THE POLICY Person responsible for administration, finance and human resources Person responsible for information security Person responsible for information technology FINAL PROVISIONS Measures in the event of non-compliance with the Policy Review and revision Effective date... 9 Information management and security policy 2
3 1. INTRODUCTION 1.1 Preamble Groupe Ultima Inc. ("Ultima") acknowledges that information is essential to its day-to-day operations, and correspondingly, that information must be evaluated, appropriately used and suitably protected. Ultima also acknowledges that it holds or has access to personal and sensitive information that can have legal, administrative or economic value. Consequently, Ultima is implementing this Information Management and Security Policy, which states the Organization's position on the security mechanisms considered essential to the protection of information resources (i.e., assets). Reliable and effective management and security rely on the ongoing involvement and support of all the employees and the individuals contractually linked to Ultima, who use Company information as part of their job. These employees and contractors are responsible for managing the information under their control and custody, and for complying with the standards and policies herein. 1.2 Objectives Given that Ultima receives, uses and transmits a significant amount of information as a result of the nature of its services, the implementation of an overall Information Management and Security Policy is considered necessary. The objective of this Policy is to establish a formal framework overseeing the use of computer equipment and information throughout Ultima's technological (computer and telecommunications) network, from work stations to servers. More specifically, the main objective of this Policy is to guarantee that the information under Ultima's control is managed and secured effectively and efficiently in order to avoid compromising its credibility and compliance. This Policy is also aimed at ensuring compliance with laws, regulations and other obligations as regards the use of information and information technology. The following are the Organization's more specific objectives with regard to information security: To ensure availability, integrity and confidentiality in the use of information assets and computer networks; To ensure respect for individual privacy, including the confidentiality of all identifying information relating to the Organization's clients and employees; To gather together the guidelines and the roles and responsibilities of security stakeholders. Information management and security policy 3
4 This Policy includes a series of guidelines, procedures, standards and practices, clarifying the terms and obligations arising out of the Policy, in order to implement an information management and security mechanism. 1.3 Scope This Policy applies to the following: Information assets Those belonging to and exploited by the Organization; Those belonging to the Organization but exploited or held by a service provider; Those belonging to third parties. Employees of the Organization: All employees of the Organization, be they regular or casual, and regardless of status, as well as any duly authorized person using the Organization's information assets. Consultants using and having access to Company property or having the Organization's property in their custody have the same obligations as the Organization's employees. Activities: All activities involving the handling or use of any kind of the Organization's information assets, whether they take place on the Organization's premises, in another location or remotely. 2. LEGAL FRAMEWORK The Organization is subject to and must ensure its compliance with the following laws. The following list is non-exhaustive: Canadian Charter of Rights and Freedoms (1982, c. 11) Charter of Human Rights and Freedoms (CQLR c. C-12) Civil Code of Québec (CQLR, 1991, c. 64) Criminal Code of Canada Canadian Copyright Act (RSC, 1985, c. C-42) An Act to Establish a Legal Framework for Information Technology (CQLR c. C-1.1) An Act Respecting the Distribution of Financial Products and Services (CQLR c. D-9.2) Trade-marks Act (RSC 1985, c. T-13) Personal Information Protection and Electronic Documents Act (SC 2000, c. 5) An Act Respecting the Protection of Personal Information in the Private Sector (CQLR c P-39.1) Information management and security policy 4
5 Archives Act (CQLR c. A-21.1) An Act Respecting Insurance (CQLR c. A-32) Insurance Companies Act (SC 1991, c. 47). 3. GUIDING PRINCIPLES 3.1 Management and protection of information assets The Organization's information assets are essential to its day-to-day operations and must be subject to appropriate use and protection. This overall Information Management and Security Policy is based on the following guiding principles: Management of information assets a. The information contained in the information assets is presumed confidential; b. Information assets are managed in such a way as to facilitate legal access to them, foster the trust of clients and partners, and optimize the use of information in accordance with the obligations imposed by laws and regulations; c. The gathering, use and communication of personal information must be restricted to the minimum amount necessary for the provision of services, in accordance with personal information protection laws and other laws in effect. Furthermore, the information created, acquired or stored to meet the Organization's needs must be relevant, reliable and complete; d. The gathering, use and communication of information, regardless of the type of information or the type of media on which it is stored, must be done in such a way as to protect its authenticity, integrity and clarity, for as long as necessary; e. Accountability structures must be implemented. Protection levels are assigned according to the sensitivity of the information assets and their exposure to the risk of accidents, errors and malicious use; f. Managers, and especially those designated to be owners/holders of information assets, have primary responsibility for the management of these assets, the use of those assets by employees and the application of necessary supervisory measures; g. The use of information assets is a privilege, not a right. This privilege can be withdrawn at any time. Any user not complying with the overall Information Management and Security Policy, including its guidelines, may have this privilege revoked. Information management and security policy 5
6 Protection of information assets h. Periodic assessments must be carried out on the risks and threats to, and the protective measures for, information assets, to remain assured that the deployed protection measures are in alignment with the risks and threats; i. Documents that are essential to the continuity of key services and operations must be protected; j. Information that is no longer required for operational purposes must be destroyed in a timely manner; k. Information security management must be included and applied throughout the life cycle of all information assets; l. No individual shall modify or destroy without authorization any data, software programs or packages, documentation, information systems, or computer or telecommunications equipment. 3.2 Reporting incidents All users are required to immediately report to the head of administration any irregularity, violation of this Policy, or act likely to represent an actual or alleged violation of security regulations such as theft, unauthorized network or system access, wilful damage, misuse, fraud or information disclosure. 3.3 Intellectual or legal property rights Users must comply with legal requirements regarding the use of products that could be subject to intellectual property rights and the use of proprietary software products. Making copies of software is authorized only for security purposes. 3.4 Protection of confidential information All electronic and non-electronic information considered confidential or sensitive must be protected against unauthorized and unlawful access and use. Information considered confidential, within the meaning of personal information protection laws, includes personal information, identifying information and any information whose disclosure could reduce the effectiveness of security measures designed to protect property or persons. 3.5 Continuity of the Organization's activities Information management and security policy 6
7 The Organization must have emergency measures in place, as outlined in its business and service continuity plan. These measures should be set down in writing, tested and updated regularly to ensure that the information assets deemed essential can be back in operation within a reasonable amount of time after a major disaster. 3.6 Training and awareness building All managers in the Organization must build the awareness of their staff on the issue of information asset security, on the consequences of a security breach and on the roles and obligations of all employees in the asset protection process. In order to minimize potential security risks, managers must also ensure that all staff is trained on security procedures and on the proper use of information assets. 3.7 Right of oversight The Organization has a right to oversee users' use of its information assets including the Internet, and telephony and systems. The circumstances under which this right of oversight may be exercised shall be defined and distributed to users in the guidelines resulting from the Policy. This right of oversight will be exercised in compliance with applicable laws including the Canadian Charter of Rights and Freedoms (1982) and Quebec's Charter of Human Rights and Freedoms (CQLR c. C-12). 4. ACCOUNTABILITY FOR THE POLICY Ultima's executive committee must approve this Policy, and ensure that it is implemented and that its application within corporate operations is monitored. It must also establish the Information Management and Security Committee to act as a coordination and consultation mechanism within the Organization. The Information Management and Security Committee nominates the person responsible for applying the overall Policy and the person responsible for information security. It also makes recommendations to the executive committee about overall directions and guidelines. 4.1 Person responsible for administration, finance and human resources Application of the overall Information Management and Security Policy comes under the jurisdiction of the Vice-President of Administration, Finance and Human Resources, who must ensure that all the Organization's managers and employees share the same values and overall directions in the area of security. To these ends, the Vice-President of Administration, Finance and Human Resources oversees the application of the Policy within the Organization, provides the financial and logistical support needed for the implementation and application of this Policy, submits to Information management and security policy 7
8 the board of directors a summary report on the application of the Policy, exercises his or her power of investigation and, when necessary, applies the sanctions set out in this Policy. 4.2 Person responsible for information security The execution of all measures related to information security comes under the jurisdiction of the Vice-President of Technology, who acts as the designated person responsible for coordinating information security for the Organization. To these ends, the Vice-President of Technology has the following responsibilities: To propose information security guidelines and communicate them to the Organization's employees, clients and partners; To develop information security policies and to monitor and periodically update them; To ensure compliance with the information security policy; To enquire about security requirements from information holders and managers, propose solutions and coordinate the implementation of these solutions; To provide security support and advice to the holders of information assets; To propose the standards, guidelines and procedures arising from the implementation of this Policy; To manage all aspects relating to the escalation of security incidents and to assess the security situation. 4.3 Person responsible for information technology The application of requirements relating to the security of information assets falls under the jurisdiction of the Vice-President of Technology. The person responsible for information technology implements the security requirements for the Organization's information assets, and has the following main responsibilities: To ensure the security of information assets; To ensure the availability, integrity and confidentiality of information assets, as per the requirements defined by the holders of those assets; To ensure that access by employees working in information technology is restricted to the information vital to the performance of their duties; To supervise the application of the guidelines, practices and standards. 5. FINAL PROVISIONS 5.1 Measures in the event of non-compliance with the Policy Information management and security policy 8
9 Any violation of or non-compliance with this overall Information Management and Security Policy may result in administrative and/or disciplinary measures, such as a notice, reprimand, suspension or even immediate dismissal, depending on the circumstances and in proportion to the behaviour in question. The responsibility for deciding on the appropriate measures in the event of a violation of or non-compliance with this Policy falls under the jurisdiction of those responsible for corporate functions, in conjunction with those responsible for the administration. The executive committee may also transmit to the competent authorities any information leading it to believe that a violation of any applicable law or regulation has occurred. 5.2 Review and revision This Policy shall be subject to periodic reviews by the Information Management and Security Committee, and may be modified as needed to bring it in line with the relevant legal and/or regulatory provisions or to reflect new practices or means of operation of the Company. Employees shall be advised promptly of any modifications. 5.3 Effective date This overall Information Management and Security Policy came into effect on January 15, Information management and security policy 9
Policy on the Security of Informational Assets
Policy on the Security of Informational Assets Policy on the Security of Informational Assets 1 1. Context Canam Group Inc. recognizes that it depends on a certain number of strategic information resources
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationInformation Security: Business Assurance Guidelines
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationIT1. Acceptable Use of Information Technology Resources. Policies and Procedures
IT1 Policies and Procedures Acceptable Use of Information Technology Resources Originator: Information Technology Governance Committee Approver: President s Council Effective: October 16, 2007 Replaces:
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationINFORMATION SECURITY MANAGEMENT POLICY
INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June
More informationResponsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationPolitique de sécurité de l information Information Security Policy
Politique de sécurité de l information Information Security Policy Adoptée par le Conseil d administration Le 10 novembre 2011 Adopted by the Board of Directors on November 10, 2011 Table of contents FOREWORD
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationCal Poly Information Security Program
Policy History Date October 5, 2012 October 5, 2010 October 19, 2004 July 8, 2004 May 11, 2004 January May 2004 December 8, 2003 Action Modified Separation or Change of Employment section to address data
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationInformation Security and Electronic Communications Acceptable Use Policy (AUP)
Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern
More informationTJ RAI, M.D. THERAPY MEDICATION WELLNESS PRIVACY POLICY STATEMENT
PRIVACY POLICY STATEMENT Purpose: It is the policy of this Physician Practice that we will adopt, maintain and comply with our Notice of Privacy Practices, which shall be consistent with HIPAA and California
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationREVIEWED BY Q&S COMMITTEE ON THE 4 TH JUNE 2015. Social Media Policy
Social Media Policy SOCIAL MEDIA POLICY This Policy applies to all academy staff regardless of their employment status. It is to be read in conjunction with the E Safety and Data Security Policy. This
More informationPOLICIES AND REGULATIONS Policy #78
Peel District School Board POLICIES AND REGULATIONS Policy #78 DIGITAL CITIZENSHIP Digital Citizenship Digital citizenship is defined as the norms of responsible behaviour related to the appropriate use
More informationUse of ESF Computing and Network Resources
Use of ESF Computing and Network Resources Introduction: The electronic resources of the State University of New York College of Environmental Science and Forestry (ESF) are powerful tools, shared among
More informationSheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy
Sheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy Introduction This Telephone and Computer Information Access Policy (the "Policy") governs
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationPersonal Health Information Privacy Policy
Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationINFORMATION SECURITY PROCEDURES
INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures
More informationPOLICY SUBJECT: EFFECTIVE DATE: 5/31/2013. To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW
Compliance Policy Number 1 POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013 Compliance Plan To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW Sound Inpatient Physicians,
More informationMarist College. Information Security Policy
Marist College Information Security Policy February 2005 INTRODUCTION... 3 PURPOSE OF INFORMATION SECURITY POLICY... 3 INFORMATION SECURITY - DEFINITION... 4 APPLICABILITY... 4 ROLES AND RESPONSIBILITIES...
More informationStatement of Guidance: Outsourcing All Regulated Entities
Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on
More informationNATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR. Version 1.0 08/08/05
NATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR Version 1.0 08/08/05 VERSION HISTORY Version # Implemented By Revision Date Reason 1.0 James Tolson 08/08/05 Page 2 of 12 TABLE OF CONTENTS 1 INTRODUCTION...
More informationMental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan
Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan Adopted: January 2, 2007 Revised by Board of Directors on September 4, 2007 Revised and Amended
More informationSAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION
SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION Please Note: 1. THIS IS NOT A ONE-SIZE-FITS-ALL OR A FILL-IN-THE BLANK COMPLIANCE PROGRAM.
More informationKEELE UNIVERSITY IT INFORMATION SECURITY POLICY
Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical
More informationWho Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
More informationAcceptable Use and Security of UBC Electronic Information and Systems
The University of British Columbia Board of Governors Policy No.: 104 Approval Date: June 2013 Title: Responsible Executive: Vice-President, Academic and Provost Deputy Vice-Chancellor (UBC Okanagan) Acceptable
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationVMware vcloud Air HIPAA Matrix
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationEnterprise PrivaProtector 9.0
IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS
More informationMacarthur Minerals Limited CODE OF CONDUCT. February 2012
Macarthur Minerals Limited CODE OF CONDUCT February 2012 MACARTHUR MINERALS LIMITED AND ITS SUBSIDIARIES (THE COMPANY OR MACARTHUR ) CODE OF CONDUCT 1. INTRODUCTION 1.1 The Macarthur Mineral Limited (including
More informationWright State University Information Security
Wright State University Information Security Controls Policy Title: Category: Audience: Reason for Revision: Information Security Framework Information Technology WSU Faculty and Staff N/A Created / Modified
More informationResponsible Use of Technology and Information Resources
Responsible Use of Technology and Information Resources Introduction: The policies and guidelines outlined in this document apply to the entire Wagner College community: students, faculty, staff, alumni
More informationSpecific Terms and Conditions of LINE Services for Business Partners: LINE Business Connect
Specific Terms and Conditions of LINE Services for Business Partners: LINE Business Connect Article 1 (Purpose) These Specific Terms and Condition of LINE Services for Business Partners: LINE Business
More informationCODE OF ETHICS AND BUSINESS CONDUCT
CODE OF ETHICS AND BUSINESS CONDUCT Date of Issue: 22 January 2015 Version number: 2 LUXFER HOLDINGS PLC Code of Ethics and Business Conduct Luxfer Holdings PLC is committed to conducting its business
More informationDocument Title: System Administrator Policy
Document Title: System REVISION HISTORY Effective Date:15-Nov-2015 Page 1 of 5 Revision No. Revision Date Author Description of Changes 01 15-Oct-2015 Terry Butcher Populate into Standard Template Updated
More informationCOMPUTER USE POLICY. 1.0 Purpose and Summary
COMPUTER USE POLICY 1.0 Purpose and Summary 1. This document provides guidelines for appropriate use of the wide variety of computing and network resources at Methodist University. It is not an all-inclusive
More informationCOUNCIL POLICY R180 RECORDS MANAGEMENT
1. Scope The City of Mount Gambier Records Management Policy provides the policy framework for Council to effectively fulfil its obligations and statutory requirements under the State Records Act 1997.
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More information15 December 2015. Crime Prevention and Anti-Fraud Policy
15 December 2015 Crime Prevention and Anti-Fraud Policy Content 1. Purpose 3 2. Scope 3 3. Action Principles 3 4. Control, Evaluation, and Revision 4 Look after the Environment. Print in black and white,
More informationHow To Use A Telemedia Service For Free
The following terms and conditions ( Terms and Conditions ) shall apply in relation to Digital Subscriber Line ( DSL ) and Wireless High Speed (WHS) Internet Services provided by Telemedia to the Customer:
More informationNeutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More informationAPPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5
PAGE 1 of 5 PURPOSE Triton College s computer and information network is a continually growing and changing resource supporting thousands of users and systems. These resources are vital for the fulfillment
More informationHead of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2
Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications
More informationDHHIT Network Security Standards and Procedures
DHHIT Network Security Standards and Procedures Contents 1. Introduction 2 2. Scope 2 3. Definitions 2 4 Employment practices 2 5 Employee responsibility 3 6 Physical security 3 7 Network and Systems Security
More informationADMINISTRATIVE MANUAL Policy and Procedure
ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,
More information1st June 2005. Internet Access Service Provider (IASP) Sub-Code for the Communications and Multimedia Industry Malaysia
1st June 2005 for the Communications and Multimedia Industry Malaysia TABLE OF CONTENTS PART 1 - INTRODUCTION...2 PART 2- GENERAL RULES OF THE CODE FOR INTERNET ACCESS SERVICE PROVIDERS...6 PART 3- REVIEW
More informationAPHIS INTERNET USE AND SECURITY POLICY
United States Department of Agriculture Marketing and Regulatory Programs Animal and Plant Health Inspection Service Directive APHIS 3140.3 5/26/2000 APHIS INTERNET USE AND SECURITY POLICY 1. PURPOSE This
More informationRules for the use of the IT facilities. Effective August 2015 Present
Rules for the use of the IT facilities Effective August 2015 Present INFORMATION MANAGEMENT GUIDE RULES FOR THE USE OF THE UNIVERSITY S IT FACILITIES ( The Rules ) 1. Introduction 2. Interpretation 3.
More information1. Compliance with Laws, Rules and Regulations
CODE OF BUSINESS CONDUCT - EXAMPLE INTRODUCTION This Code of Business Conduct covers a wide range of business practices and procedures. It does not cover every issue that may arise, but it sets out basic
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationCODE OF BUSINESS CONDUCT AND ETHICS
1.0 INTRODUCTION Integrity is a core value of British Columbia Ferry Services Inc. and its subsidiaries ( BCF or the Company ). It is a fundamental principle of this organization that all Directors, Officers,
More informationNew Mexico Highlands University (NMHU) Information Technology Services (ITS) Information Technology Resources Policy: Internet, Intranet, Email,
New Mexico Highlands University (NMHU) Information Technology Services (ITS) Information Technology Resources Policy: Internet, Intranet, Email, Computer, And Networking Technologies Usage 1.0 Purpose
More informationWebsite & Email Hosting Terms & Conditions
Website & Email Hosting Terms & Conditions 1-PARTIES Web Hosting Services are provided by TimeForCake Creative Media, Inc. ("TimeForCake") to Client conditional on the terms and conditions set forth below
More informationCity of Grand Rapids ADMINISTRATIVE POLICY
City of Grand Rapids ADMINISTRATIVE POLICY NUMBER: 84-02 DATE: 7/23/84 REVISIONS: 6/17/88; 11/7/00 (replaces old #84-02, #95-07, & #95-08); 6/13/08; 11/26/13 ISSUED BY: City Manager SIGNED: SUBJECT: ELECTRONIC
More informationVirginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationForrestville Valley School District #221
Forrestville Valley School District #221 Student Acknowledgment of Receipt of Administrative Procedures for Acceptable Use of the Electronic Network 2015-2016 All use of electronic networks shall be consistent
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationIRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411
IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security- Perspective for Management Information Security Management Program Concept
More informationYORK REGION DISTRICT SCHOOL BOARD
WORKING DOCUMENT YORK REGION DISTRICT SCHOOL BOARD Policy and Procedure #194.0, Use of Technology Procedure #194.1, Use of Non-Board Devices Procedure #194.2, Password Management The Use of Technology
More informationTitle: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION
Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for
More informationM E M O R A N D U M. Revised Information Technology Security Procedures INFORMATION TECHNOLOGY SECURITY PROCEDURES. I. General
M E M O R A N D U M To: From: IT Steering Committee Brian Cohen Date: March 26, 2009 Subject: Revised Information Technology Security Procedures The following is a revised version of the Information Technology
More informationPreparing for the HIPAA Security Rule
A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions
More informationData Protection Breach Management Policy
Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/
More informationTSM ASSESSMENT PROTOCOL
TSM ASSESSMENT PROTOCOL A Tool for Assessing Crisis Management and Communications Planning Performance Purpose The purpose of the assessment protocol is to provide guidance to the member companies in completing
More informationBARRICK GOLD CORPORATION
BARRICK GOLD CORPORATION Code of Business Conduct and Ethics Introduction Barrick s success is built on a foundation of personal and professional integrity and commitment to excellence. As a company and
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationINFORMATION TECHNOLOGY POLICY
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of : DPW Information Security and Privacy Policies Domain: Security Date Issued: 05/09/2011 Date Revised: 11/07/2013
More informationEAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationHIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name)
HIPAA COMPLIANCE PLAN For CHARLES RETINA INSTITUTE (Practice Name) Date of Adoption 1/02/2003 Review/Update 10/25/2012 Review/Update 4/01/2014 I. COMPLIANCE PLAN A. Introduction This HIPAA Compliance Plan
More informationHuman Resources People and Organisational Development. Disciplinary Procedure for Senior Staff
Human Resources People and Organisational Development Disciplinary Procedure for Senior Staff AUGUST 2015 1. Introduction 1.1 This procedure applies to Senior Staff. Senior Staff includes: 1.1.1 the Vice-Chancellor
More informationHengtian Information Security White Paper
Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...
More information2.1 It is an offence under UK law to transmit, receive or store certain types of files.
Website Hosting Acceptable Use Policy 1. Introduction 1.1 Jarrett & Lam Consulting s Acceptable Use Policy for hosting customers to protect our resources, the resources of our customers and to ensure that
More informationhave adequate policies and practices for secure data disposal have not established a formal 22% risk management program
do not have budgeted disaster 38% recovery plans do not use standardized data 37% classification do not have a plan for responding to 29% security breaches 23% have adequate policies and practices for
More informationAll Users of DCRI Computing Equipment and Network Resources
July 21, 2015 MEMORANDUM To: From Subject: All Users of DCRI Computing Equipment and Network Resources Eric Peterson, MD, MPH, Director, DCRI Secure System Usage The purpose of this memorandum is to inform
More informationAP 417 Information and Communication Services
AP 417 Information and Communication Services Background Access and use of information and communication services (ICS) are an integral component of the learning and working environment. The ability for
More informationWellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More informationINSTITUTIONAL COMPLIANCE PLAN
INSTITUTIONAL COMPLIANCE PLAN Responsible Party: Board of Trustees Contact: Institutional Compliance Office Original Effective Date: 02/16/2012 Last Revised Date: 10/13/2014 Contents I. SCOPE OF THE PLAN...
More information