IT FACILITY STANDARD NO. 5 DATA CENTER & IT FACILITY ACCESS
|
|
- Kevin Bates
- 8 years ago
- Views:
Transcription
1 Function Affected: IT Facilities including data centers and network rooms (BDFs and IDFs) Issued Date: 06/01/15 Issue Superseded: 12/15/13 Number of Pages: 6 I. Background The UCSF data centers and network rooms such as BDFs and IDFs are critical to the health care, academic and research missions as well as University business functions. Ensuring the physical security of these facilities is an important way of protecting these critical assets. The primary goal of this standard is to maximize facility security while at the same time enabling access to those who are authorized. II. Card Key System Access to the data center and some network rooms is restricted via the UCSF card key system (ProWatch). This campus-wide system is administrated by the UCSF Police Department and supported by UCSF Facilities Services. Card key activation and authorization for the Data Centers is managed by the IT Facilities group. Network room access is managed by the Network Operations group. Access is granted based upon the following criteria: 1. Staff with work assignments inside the facility. 2. System administration staff requiring frequent access to the facility during or outside standard work hours to resolve system problems. 3. UCSF Police Officers 4. Facility Services Technicians supporting the facility 5. Members of the IT Departmental Emergency Operation Center responding to a declared emergency. This access is only available for the 654 Minnesota St. location and is limited to the Command Center portion the facility. Page 1 of 6
2 Overall security is improved by limiting the number of individuals with facility access. III. Card Keys Holder Rules Those granted card key access must abide by the following rules: 1. UCSF Photo identification badges must be worn above the waist and be clearly visible, at all times. 2. Card keys must not be loaned or used to allow access to any unauthorized person. 3. Access to all secure areas should be handled with the use of a card key. Card Key holders must not access areas for which they do not have approved authorization. 4. Equipment Log any equipment taken out of the data centers (repair / replacement / de-commissioned, etc.) is to be documented in the log (make, model, description, serial number of the item and if it is part of a system, provide additional info of the parent equipment make, model, description, serial number etc.). The log is to undergo regular review. 5. Card key holders must not touch equipment and supplies belonging to other departments. The IT Facilities group will provide access to tools or other equipment mounting supplies for use at one of the data centers. 6. Lost or stolen card keys must be reported to the card key holder s manager, IT Facilities at (415) and the UCSF Police Department. 7. Everyone requiring access to the data centers outside of regular business hours (0800 to 1700, M-F) must log in and out. 8. Food, drink or other fluids are not allowed in the IT facility equipment areas. 9. All problems or emergency situations must be immediately reported to IT Facilities and Computer Operations for data centers or Network Operations for network rooms. Page 2 of 6
3 10. IT facilities are only to be accessed to meet business requirements. Loitering will not be tolerated. IV. Any rule violation may result in a revoking of card key access. Authorized Entry Without a Card Key A database of all individuals with data center access is maintained in the card key system. This database is the record for all access approval and the source of authorization for granting access to individuals who have forgotten or lost their card key. Any authorized individual granted access without a card key is required to log in and out and agree they will adhere to the Data Center and IT Facility Access Standard policy. The following Identification is required for all data center and IT facility visitors without card key access: 1. UCSF staff members: UCSF ID (Campus and Medical Center) along with government issued photo ID 2. Non-UCSF visitors: Associated vendor (company issued employee ID) along with government issued photo ID V. Vendor and Visitor Access to Perform Work Work performed by vendors and visitors must be documented in an approved change ticket in ServiceNow. The change ticket must include the following critical information: GENERAL INFORMATION 1. Change Request # 2. Associated Vendor Ticket/Case # 3. Brief Description of Work to be Performed 4. Company Name Requesting Access (List Individual s Names in Step #8 Below) 5. UCSF Sponsor Approving Visitor Access 6. UCSF Business Application Owner (if applicable) 7. UCSF Application Admin (if applicable) INDIVIDUALS (UCSF IT & VISITOR) ASSIGNED TO THE WORK & REQUIRE ACCESS 8. List ALL names (UCSF IT & Visitor s) - list names, mobile, title & role of those that require access and scheduled to be in the Data Center or Network Closet Contact Name Mobile # Title & Assigned Role Page 3 of 6
4 during CHG or via remote access into system. DATE & TIME SCHEDULING 9. Scheduled Date & Time of Arrival for Visitor 10. Planned Date(s) for Visitor Access 11. Planned Hours for Visitor Access (Start/End Time) VISITOR ONSITE OR REMOTE ACCESS - If Onsite, complete Steps #12-16 and continue to Step #19. If Remote, complete Steps #17-18 and continue to Step # ONSITE: Who is Visitor Escort Into Data Center or Network Closet? 13. ONSITE: Will Visitor be supervised entire time? If yes, by who? If no, why? 14. ONSITE: If Visitor NOT supervised entire time, what Director approved unsupervised visit? And, explain why unsupervised. 15. ONSITE: Why can t Visitor perform work via remote VPN access? 16. ONSITE: Can Visitor perform work at computer adjacent to Data Center? If no, briefly explain. 17. REMOTE: If remote access, is there UCSF oversight throughout entire CHG, e.g., observing Visitor work via WebEx session? If yes, by who? If no, explain why. 18. REMOTE: If Visitor NOT supervised entire time, what Director approved unsupervised remote access? And, explain why unsupervised. SERVER / SYSTEM CHANGE INFORMATION 19. Host name: > LIST ALL HOSTS. IP: > Cabinet: ----> Rack Unit #: > 20. Are server and/or systems backed up? If not, explain. Provide date of last successful backup. If virtual machine, snapshot required? (Snapshots are deleted 48-hours after capture time) 21. List any other applications on the server. If none, write none. 22. Proceed to ( Visitor Step-by-Step CHG PROCEDURE section below) VISITOR S STEP-BY-STEP CHANGE INFORMATION - INCLUDE VALIDATION & CONTINGENCY PLAN/EXIT STRATEGY CHG PROCEDURE VISITOR STEP BY STEP PROCEDURE OR ATTACH VISITOR MOP DURATION START FINISH COMMENTS Page 4 of 6
5 The change assignee or sponsor must meet the vendor or visitor to escort them and oversee their work. All vendors, regardless of access authorization status must sign the log. Vendors and visitors granted data center access must abide by the following rules: 1. UCSF issued ID must be worn at the waist or above, and clearly visible, at all times. i. Non-UCSF vendors: Present a company issued employee ID along with government issued photo ID (driver license, passport, etc.) ii. Non-UCSF visitors: Present a government issued photo ID 2. Access to all secure areas within the data center should be handled with the use of a card key. Vendors and visitors must not attempt to access card-key controlled areas without the appropriate escort. 3. Vendors and visitors must not touch equipment and supplies other than the equipment they are on-site to support that has been documented in the visitor access template and Change Request ticket. If necessary, IT Facilities will facilitate access to tools or other equipment mounting supplies. 4. Equipment Log Any equipment taken out of the data centers (repair / replacement / de-commissioned, etc.) is to be documented in the log (make, model, description, serial number of the item and if it is part of a system, provide additional info of the parent equipment make, model, description, serial number etc.). The log is to undergo regular review. 5. Food, drink or other fluids are not allowed in the IT facility equipment areas. 6. All problems or emergency situations must be immediately reported to IT Facilities and Computer Operations for data centers or Network Operations for network facilities Page 5 of 6
6 7. IT facilities are only to be accessed to meet business requirements Loitering will not be tolerated. VI. Other Visitors 1. All other visitors must sign the log and be escorted the entire time they are in the facility. VII. Data Center Card Key Access Review 1. An Outlook calendar reminder is set for the Data Center Card Key Access Authorization Review to occur on the second Friday of the first month of each quarter. 2. The Senior IT Facilities Coordinator pulls the ProWatch authorized access report for the Data Center Card Key controlled doors. 3. The reports are sent to the IT Facilities Manager to review. 4. The IT Facilities Manager instructs the Senior IT Facilities Coordinator to deactivate access for any unauthorized individuals. 5. The IT Facilities Manager posts copies of the quarterly report to UCSF Box IT Facilities folder. Page 6 of 6
Data Center Access Policies and Procedures
Data Center Access Policies and Procedures Version 2.0 Tuesday, April 6, 2010 1 Table of Contents UITS Data Center Access Policies and Procedures!3 Introduction!3. Overview!3 Data Center Access!3 Data
More informationDataCentre Access Policies & Procedures
DataCentre Access Policies & Procedures Contents Purpose... 3 Overview... 3 DataCentre Access... 3 DataCentre Access Levels... 4 Periodic Review & Termination of Access... 5 DataCentre Access Log... 5
More informationData Centers and Mission Critical Facilities Access and Physical Security Procedures
Planning & Facilities Data Centers and Mission Critical Facilities Access and Physical Security Procedures Attachment B (Referenced in UW Information Technology Data Centers and Mission Critical Facilities
More informationInformation Technology Services Guidelines
Page 1 of 10 Table of Contents 1. Purpose... 2 2. Entities Affected by This Guideline... 2 3. Definitions... 2 4. Guidelines... 3 4.1 Requesting Data Center or... 3 4.2 Requirements for Data Center or...
More informationIntroduction to Security Awareness Briefing. Office of Security @ NOAA
Introduction to Security Awareness Briefing Office of Security @ NOAA 4/21/2009 1 Agenda/Topics to Be Covered Introduction Security policies & procedures Security Force Property Control Access to NOAA
More informationCDW Advanced Image Deployment Service Customer Guide
CDW Advanced Image Deployment Service Customer Guide Contents Service Description... 2 Image Deployment Solutions... 2 Why would my organization use this service?... 2 Benefits of Advanced Imaging over
More informationMOUNT CARMEL HEALTH SYSTEM MEDICAL EDUCATION POLICY/PROCEDURE
DEPARTMENT OVERSIGHT AND MAINTENANCE: ADMINISTRATIVE DEFINITIONS Vendor: Patient Care Areas: Associates: Includes sales representatives, service technicians, clinical and or training personnel, third party
More informationLouisiana State University Information Technology Services (ITS) Frey Computing Services Center Data Center Policy
Louisiana State University Information Technology Services (ITS) Frey Computing Services Center Data Center Policy Access: If you have been granted a Frey Access Card with currently approved access to
More informationARTICLE 10. INFORMATION TECHNOLOGY
ARTICLE 10. INFORMATION TECHNOLOGY I. Virtual Private Network (VPN) The purpose of this policy is to provide guidelines for Virtual Private Network (VPN) connections to Education Division s resources.
More informationData Centre & Facilities Access Procedures
University of Manitoba - Information Services & Technology Data Centre & Facilities Access Procedures Effective Date: Review Date: Approving Body: Applies to: March 1, 2012 March 1, 2017 Mike Langedock,
More informationHow To Manage Keys At Trent University
POLICY ACCESS CONTROL Category: Approval: Responsibility: Date: Operations & Governance PVP Vice President Administration Date initially approved: September 1, 2005 Date of last revision: April 2012 Definitions:
More informationData Center Colocation - SLA
1 General Overview This is a Service Level Agreement ( SLA ) between and Data Center Colocation to document: The technology services Data Center Colocation provides to the customer The targets for response
More informationHow To Write A Health Care Security Rule For A University
INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a
More informationPolicy Title-Aquia Data Center Operational Policy & Procedure. Policy ID - TSD-ADC001. Version - Version: 1.0. Supersedes Version 1.
Policy Title-Aquia Data Center Operational Policy & Procedure Policy ID - TSD-ADC001 Version - Version: 1.0 Supersedes Version 1.0 Review Date One (1) year from effective date. Policy & Procedure - Provides
More informationManaged Security Services SLA Document. Response and Resolution Times
Managed Security Services SLA Document Appendix A Response and Resolution Times The following table shows the targets of response and resolution times for each priority level: Trouble Priority Response
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationData Center Operational Policy
POLICY NAME: Data Center Operational Policy Effective Date: Policy Owner: Policy Number: Related Policies: Purpose: Scope: Policy Statement: Definitions: Responsibilities: The policy will become effective
More informationCreating Incidents & Requests For the Dell Data Center
Creating Incidents & Requests For the Dell Data Center UCSF IT Service Management Office http://itsm.ucsf.edu UCSF ServiceNow The following presentation provides information for creating incidents and
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationDisaster Recovery Checklist Disaster Recovery Plan for <System One>
Disaster Recovery Plan for SYSTEM OVERVIEW PRODUCTION SERVER HOT SITE SERVER APPLICATIONS (Use bold for Hot Site) ASSOCIATED SERVERS KEY CONTACTS Hardware Vendor System Owners Database Owner
More informationOIT Asset Management. Georgia Institute of Technology Office of Information Technology. By Alex Agle April 14 th, 2000 Version 4.0.
OIT Asset Management Georgia Institute of Technology Office of Information Technology By Alex Agle April 14 th, 2000 Version 4.0.3 Table of Contents Scope of This Document... 3 Purpose of the OIT Asset
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationCITY UNIVERSITY OF HONG KONG Physical Access Security Standard
CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification Publication
More informationSAMPLE TEMPLATE. Massachusetts Written Information Security Plan
SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law
More informationTONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1
TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1 Table of Contents 1. Operational Security 2. Physical Security 3. Network
More informationSecurity Tool Kit System Checklist Departmental Servers and Enterprise Systems
Security Tool Kit System Checklist Departmental Servers and Enterprise Systems INSTRUCTIONS System documentation specifically related to security controls of departmental servers and enterprise systems
More informationPOLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants
POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration
More informationQatar University. OneCard & Security Systems. Information Technology Services. Q-Card Office Policy
Qatar University OneCard & Security Systems Information Technology Services Q-Card Office Policy June 2011 Table of Contents Introduction... 3 History... 3 About the Q-Card... 4 Q-Card Mission Statement...
More information2.09 - Adjudication System Maintenance Manual
2.09 - Adjudication System Maintenance Manual Version: 4.19::20 April 6, 2015 TO LEARN MORE ABOUT OUR TECHNOLOGY, PEOPLE AND SERVICES VISIT DOMINIONVOTING.COM TODAY i NOTICE OF CONFIDENTIALITY AND NONDISCLOSURE
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationUsing Your Department Shared Folder
Using Your Department Shared Folder What Is A Domain? A domain is an internal network of computers where the users can share space on a server for storing files and sharing access to printers. Sunysb.edu
More informationAdvanced HIPAA Security Training Module
Advanced HIPAA Security Training Module The Security of Electronic Information Copyright 2008 The Regents of the University of California All Rights Reserved The Regents of the University of California
More informationPC Proactive Solutions Technical View
PC Proactive Solutions Technical View PC Proactive Solutions Technicians View The following pages briefly describe our technicians view of our proactive management utility. Our software application is
More informationService Level Agreement (SLA)
Service Level Agreement (SLA) Between [Add your department and acronym ()] Technology Systems Division (TSD) Information Technology Unit (ITU) and XYZ For XYZ Service Document Version History Version #
More informationCentral Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy
Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy I. PURPOSE To identify the requirements needed to comply with
More informationDEPARTMENTAL POLICY. Northwestern Memorial Hospital
Northwestern Memorial Hospital DEPARTMENTAL POLICY Subject: DEPARTMENTAL ADMINISTRATION Title: 1 of 11 Revision of: NEW Effective Date: 01/09/03 I. PURPOSE: This policy defines general behavioral guidelines
More informationUCS Level 2 Report Issued to
UCS Level 2 Report Issued to MSPAlliance Unified Certification Standard (UCS) Report Copyright 2014 www.mspalliance.com/ucs info@mspalliance.com Welcome to the UCS report which stands for Unified Certification
More informationLaptop Handbook for Students and Parents
Laptop Handbook for Students and Parents Southwest MN Christian High School 2015-2016 Page 1 Table of Contents I. Goals II. Hardware and software A. In the bag B. On the laptop C. Back up and file storage
More informationEXHIBIT B SOFTWARE SUPPORT SERVICES
1. SCOPE EXHIBIT B SOFTWARE SUPPORT SERVICES This Exhibit B sets forth the terms and conditions under which SevOne will provide Software support services purchased by Customer pursuant to the Agreement
More informationSupply Chain Security Audit Tool - Warehousing/Distribution
Supply Chain Security Audit Tool - Warehousing/Distribution This audit tool was developed to assist manufacturer clients with the application of the concepts in the Rx-360 Supply Chain Security White Paper:
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationWelcome to ComputerEase 10.0
Welcome to ComputerEase 10.0 This manual is designed to walk you through basic functions by ComputerEase Software, Inc. This manual will be a useful tool as you explore ComputerEase. If you have upgraded
More informationCLOCKWORK Training Manual and Reference: Inventory. TechnoPro Computer Solutions, Inc.
CLOCKWORK Training Manual and Reference: Inventory TechnoPro Computer Solutions, Inc. Table of Contents Inventory Learning Objectives License Key 5 Create a Catalog 6 Assign Permissions 9 Categories and
More informationAccess Control Regulations
Access Control Regulations 6 August 2008 1 TABLE OF CONTENTS I. Regulations... 3 II. Introduction... 3 III. Definitions... 3 IV. Single Access Control Alarm Coordinator (SACC)... 4 V. Access to Closed
More informationSystem Center Configuration Manager Overview
System Center Configuration Manager Overview This document provides some background information on the Microsoft Systems Center Configuration Manager (SCCM) system, which has been selected for use as an
More informationCleveland Clinic Vendor Representative Handbook
Cleveland Clinic Vendor Representative Handbook Cleveland Clinic Supply Chain Management 1950 Richmond Rd. TR301 Lyndhurst, OH 44124 Telephone: 216-448-8000 Fax: 216-448-8080 Page 1 of 13 Table of Contents
More information2014-2015. Fredericksburg ISD Parent and Student Tablet Handbook PROCEDURES AND POLICIES FOR ISSUANCE OF INDIVIDUAL STUDENT TABLET COMPUTERS
2014-2015 Fredericksburg ISD Parent and Student Tablet Handbook PROCEDURES AND POLICIES FOR ISSUANCE OF INDIVIDUAL STUDENT TABLET COMPUTERS Contents Things to Know... 1 Care of your Tablet... 1 Internet
More informationCENG Information Technology Services University of North Texas
CENG Information Technology Services University of North Texas for the Information Technology Services as applied To the University of North Texas College of Engineering 1.0 Agreement 1.1 Purpose CENGITS
More informationPolicy Subject: ACQUISITION AND USE OF WIRELESS HANDHELD VOICE AND DATA SERVICES AND EQUIPMENT
UNIVERSITY OF WISCONSIN SUPERIOR Policy Subject: ACQUISITION AND USE OF WIRELESS HANDHELD VOICE AND DATA SERVICES AND EQUIPMENT Cabinet Division: Administration & Finance Date Revised: July 2010 I. Background
More informationSupport Common Questions
Support Common Questions 1. How will my data get to BCNS Technologies? One of our technical representatives will call your office and we will schedule an appointment with you to retrieve your application
More informationPHYSICAL ACCESS CONTROL
Contact: Administrative Services Issued: June 24, 2013 Supersedes: Keys - Administration and Control of Keys, September 2007; and Keys - Issuance and Retrieval, March 1986 Pages: 13 OVERVIEW PHYSICAL ACCESS
More informationWebEx. Remote Support. User s Guide
WebEx Remote Support User s Guide Version 6.5 Copyright WebEx Communications, Inc. reserves the right to make changes in the information contained in this publication without prior notice. The reader should
More informationCS&T Data Center Hosted Shared Services Policies & Work Rules
CS&T Data Center Hosted Shared Services Policies & Work Rules Last Modified 07-08-2014 1 Personal Accountability Failure to comply with the following procedures is grounds for immediate removal from the
More informationHow To Follow The University Telephone Policy
Telephone Policy Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED QUESTIONS
More informationSection 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...
More informationMust score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.
April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific
More informationThe County of San Bernardino Department of Behavioral Health. Facility Physical Security and Access Control Pr
Facility Physical Security and Access Control Pr Effective Approved 07/01/10 12/06/10 Purpose To provide (DBH) staff with a protocol to follow to ensure protected health information (PHI) and personally
More informationAchieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/
Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite 7. Restrict access to cardholder data by business need to know PCI Article (PCI DSS 3) Report Mapping How we help 7.1 Limit access to system
More informationBridgeConnex Statement of Work Managed Network Services (MNS) & Network Monitoring Services (NMS)
BridgeConnex Statement of Work Managed Network Services (MNS) & Network Monitoring Services (NMS) 1. Introduction This Statement of Work (SOW) is an appendix to the existing Master Services Agreement between
More informationDepartmental On-Site Computing Support (DOCS) Server Support SLA
1 General Overview This is a Service Level Agreement ( SLA ) between the customer and Departmental On-site Computing Support (DOCS) to document: The technology services DOCS provides to the campus. The
More informationDETAIL AUDIT PROGRAM Information Systems General Controls Review
Contributed 4/23/99 by Steve_Parker/TBE/Teledyne@teledyne.com DETAIL AUDIT PROGRAM Information Systems General Controls Review 1.0 Introduction The objectives of this audit are to review policies, procedures,
More informationMonthly Performance Metrics April 2015 Compliance Level Legend
April 2015 April 2015 Department of Technology Monthly Performance Metrics April 2015 Compliance Level Legend In Compliance Out of Compliance Within Tolerance Insufficient Data Target Actual Compliance
More informationINTERNET AND COMPUTER ACCEPTABLE USE POLICY (AUP)
4510.2 INTERNET AND COMPUTER ACCEPTABLE USE POLICY (AUP) The Board of Education is committed to the optimization of student learning and teaching. The Board considers computers to be a valuable tool for
More informationCREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services
Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting
More informationDepending on building design and layout, access points will operate in the following manner:
Scope Electronic Access Guidelines AG-101 The scope of the keyless access upgrade project is to provide increased security and public safety by deploying electronic access controls, door status monitoring/security
More informationEnterprise Data Integration (EDI)
CHAPTER 14 This feature requires an optional Cisco license. The EDI menu appears only after the license is installed on the Cisco PAM server. See Obtaining and Installing Optional Feature Licenses, page
More informationAdmin Reference Guide. PinPoint Document Management System
Admin Reference Guide PinPoint Document Management System 1 Contents Introduction... 2 Managing Departments... 3 Managing Languages... 4 Managing Users... 5 Managing User Groups... 7 Managing Tags... 9
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 14 I. Policy II. A. The, the units of the UW-Madison Health Care Component and each individual or unit within UW-Madison that is a Business Associate of a covered entity (hereafter collectively
More informationCollege of Education Computer Network Security Policy
Introduction The College of Education Network Security Policy provides the operational detail required for the successful implementation of a safe and efficient computer network environment for the College
More informationEffective Date: Subject Matter Experts / Approval(s): TAC: LASO: C/ISO: Front Desk: Technology Support Lead: Agency Head:
Policy Title: Effective Date: Revision Date: Subject Matter Experts / Approval(s): TAC: LASO: C/ISO: Front Desk: Technology Support Lead: Agency Head: Every 2 years or as needed Purpose: The purpose of
More informationTICKET SALES SOFTWARE FOR SPORTS ORGANIZATIONS
TICKET SALES SOFTWARE FOR SPORTS ORGANIZATIONS Phone: 512-251-7313 Fax: Email: dayers@ayerstechnology.com FANtastic is a software package developed over many years with the help of several individuals
More informationHIPAA Privacy and Security Risk Assessment and Action Planning
HIPAA Privacy and Security Risk Assessment and Action Planning Practice Name: Participants: Date: MU Stage: EHR Vendor: Access Control Unique ID and PW for Users (TVS016) Role Based Access (TVS023) Account
More informationPhysical Protection Policy Sample (Required Written Policy)
Physical Protection Policy Sample (Required Written Policy) 1.0 Purpose: The purpose of this policy is to provide guidance for agency personnel, support personnel, and private contractors/vendors for the
More informationCHARLOTTE SCHOOL of LAW IDENTIFICATION BADGE POLICY
CHARLOTTE SCHOOL of LAW IDENTIFICATION BADGE POLICY PURPOSE: The purpose of the Identification Badge Policy is: To provide a consistent method of identification of those authorized to be on campus To provide
More informationRSS Cloud Solution COMMON QUESTIONS
RSS Cloud Solution COMMON QUESTIONS 1 Services... 3 Connectivity... 5 Support... 6 Implementation... 7 Security... 8 Applications... 9 Backups... 9 Email... 10 Contact... 11 2 Services What is included
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More informationStandard: Event Monitoring
Standard: Event Monitoring Page 1 Executive Summary The Event Monitoring Standard defines the requirements for Information Security event monitoring within SJSU computing resources to ensure that information
More informationPlatform as a Service (PaaS) Policies and Procedures
Platform as a Service (PaaS) Policies and Procedures PaaS Policies and Procedures Purpose of this document is to define what a Platform as a Service (PaaS) customer will need to do in order to use the
More informationSmall Business IT Risk Assessment
Small Business IT Risk Assessment Company name: Completed by: Date: Where Do I Begin? A risk assessment is an important step in protecting your customers, employees, and your business, and well as complying
More informationState of Vermont. Physical Security for Computer Protection Policy
State of Vermont Physical Security for Computer Protection Policy Date Approved: 04-02-10 Approved by: Tom Pelham Policy Number: 0501.012005 Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose...
More informationAccess requirement form
Access requirement form Part 1: Application process This is the process by which bookable access facilities can be requested: Purchase a ticket Obtain a ticket reference number Send us your completed Access
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationINFORMATION TECHNOLOGY. SERVICE ASSET AND CONFIGURATION MANAGEMENT PROCESS Version 3, Rev. May 5, 2015
SERVICE ASSET AND CONFIGURATION MANAGEMENT PROCESS Version 3, Rev. May 5, 2015 Document Version Control Document Name Process Owner Service Asset and Configuration Management Process Rebecca Nguyen Version
More informationInstalling and Activating Smaart 7
Rational Acoustics, LLC 241 Church Street, Suite H Putnam, CT 06260 USA Tel. (+1) 860 928-7828 www.rationalacoustics.com Installing and Activating Smaart 7 Installation of Rational Acoustics Smaart 7 is
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationCDW Standard Image Deployment Service Customer Guide
CDW Standard Image Deployment Service Customer Guide Contents Service Description... 2 Why Would My Organization Use This Service?... 2 Benefits of Using CDW Configuration Services... 2 How Is This Service
More informationAcronis Backup & Recovery 11
Acronis Backup & Recovery 11 Quick Start Guide Applies to the following editions: Advanced Server Virtual Edition Advanced Server SBS Edition Advanced Workstation Server for Linux Server for Windows Workstation
More informationDepartment of Computer Science. Computer Science IT support. For Research Students and Staff
Department of Computer Science Computer Science IT support For Research Students and Staff Introduction This document is intended to introduce incoming research students and staff of the Computer Science
More informationCustomer Guide to the DATAONE Datacenter
Customer Guide to the DATAONE Datacenter User guide for Private Suite or Colocation Customer Version 1.0 July 2012 CONTENTS 1 Welcome... 3 2 Getting started... 4 2.1 CONTACTING US... 4 2.2 OBTAINING SECURITY
More informationUsing Time Machine to Backup Multiple Mac Clients to SNC NAS and 1000
Using Time Machine to Backup Multiple Mac Clients to SNC NAS and 1000 Application Note Abstract This application note describes how to use Time Machine to backup multiple Mac clients to SNC NAS and 1000.
More informationDartmouth College Merchant Credit Card Policy for Managers and Supervisors
Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance
More informationService Scheduler User Guide. Version 1.6 (Nov 2011) Service Scheduler is a product of ABit Consulting. All rights reserved.
Page 1 of 78 Page 2 of 78 Table of Contents Document Revisions... 7 Contact Information (Australia)... 8 Service Scheduler Basics... 9 Signing In... 9 Navigation... 9 Sort Columns... 10 Moving Columns...
More informationWhat can an ID program do for your school?
What can an ID program do for your school? If you re looking to improve the overall level of security for a school, implementing a photo ID program is a great first step. Of course security is just one
More informationIntroduction and Purpose... 2 Scope... 2 Auxiliary units... 2. Part-Time, Temporary faculty/staff, Volunteer, Contractor and Student Assistants...
Contents Workstation Refresh & Virtual Desktop Infrastructure Program Introduction and Purpose... 2 Scope... 2 Auxiliary units... 2 Part-Time, Temporary faculty/staff, Volunteer, Contractor and Student
More informationREGIONAL MEETING PURPOSE OVERVIEW OF RESPONSIBILITIES. 2015 Regional Meeting Host Chapter Manual
2015 Regional Meeting Host Chapter Manual REGIONAL MEETING PURPOSE 1. Provide BAP members and candidates the opportunity to gain knowledge regarding a. Personal and professional issues they will encounter
More informationAPPENDIX 5 TO SCHEDULE 3.3
EHIBIT K to Amendment No. 60 - APPENDI 5 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 5 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT EHIBIT K to Amendment No.
More informationPro-Watch Software Suite Installation Guide. 2013 Honeywell Release 4.1
Pro-Watch Software Suite Release 4.1 Installation Guide Document 7-901073V2 Pro-Watch Software Suite Installation Guide 2013 Honeywell Release 4.1 Copyright 2013 Honeywell. All rights reserved. Pro-Watch
More informationDRAFT National Rural Water Association Identity Theft Program Model September 22, 2008
DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 This model has been designed to help water and wastewater utilities comply with the Federal Trade Commission s (FTC)
More informationSecurity Management Plan
Effective Date: 03/2015 1 of 10 I. Table of Contents: I Table of Contents II Authority III Purpose & Scope IV Policy Statement V The Joint Commission Standards VI Performance Standards VII DUPD Services
More informationUNCLASSIFIED UNCONTROLLED-IF-PRINTED. Public
Defence Security Manual DSM Part 2:61 Access Control and Identity Management Version 7 ation date July 2015 Amendment list 16 Optimised for Screen; Print; Screen Reader Releasable to Compliance Requirements
More information