GUIDELINES ON MANAGEMENT OF CYBER RISK SC-GL/2-2016


1st Issued: 31 October

Effective Date upon 1st Issuance: 31 October

CONTENTS

PART A: GENERAL
Introduction
Definitions

PART B: GOVERNANCE OF CYBER RISK
Roles and responsibilities of the board of directors
Roles and responsibilities of the management

PART C: MANAGEMENT OF CYBER RISK
Cyber risk policies and procedures
Cyber risk measures
Prevention
Detection
Recovery

APPENDIX

PART A: GENERAL

Introduction

1.1 The Guidelines on Management of Cyber Risk are issued pursuant to section 377 of the Capital Market and Services Act 2007 (CMSA).

1.2 These Guidelines shall apply to all capital market entities.

1.3 These Guidelines set out the following requirements:
(a) Roles and responsibilities of the board of directors and management in the oversight and management of cyber risk;
(b) Cyber risk policies and procedures that should be developed and implemented by capital market entities;
(c) Requirements for managing cyber risk; and
(d) Reporting requirements to the Securities Commission Malaysia (SC).

1.4 These Guidelines are in addition to and not in derogation of any other guidelines issued by the SC or any requirements as provided for under securities laws.

1.5 The SC may, upon application, grant an exemption from or a variation to the requirements of these Guidelines if the SC is satisfied that
(a) such variation, if granted, is not contrary to the intended purpose of the relevant requirements in these Guidelines; or
(b) there are mitigating factors which justify the said exemption or variation.

Definitions

2.1 Unless otherwise defined, all words used in these Guidelines shall have the same meaning as defined in the CMSA. In these Guidelines, unless the context otherwise requires

agent means any person representing or acting for the entity such as a remisier or a unit trust consultant;

board includes board committee;

business continuity means a state of uninterrupted business operations;

capital market entity (entity) means capital market institutions or participants licensed, authorised, approved or registered under the securities laws;

cyber incident means an observable occurrence indicating a possible breach in the systems, network and operating environment;

cyber resilience means the ability to anticipate, absorb, adapt to, rapidly respond to, and recover from disruption caused by a cyber attack;

cyber risk means the combination of the probability of an incident occurring within the realm of an entity's information assets, systems and operating environment;

cyber threat means a circumstance or incident with the potential to intentionally or unintentionally exploit one or more vulnerabilities in an entity's information assets, systems and operating environment;

detection means the development and implementation of the appropriate activities in order to identify the occurrence or potential occurrence of a cyber incident;

information assets means any piece of data, device or other component of the environment that supports information-related activities;

malware means malicious software used to disrupt the normal operation of an information system in a manner that adversely impacts its confidentiality, integrity or availability;

prevention means safeguards, controls and measures to ensure delivery of critical infrastructure services;

recovery means restoration of any capabilities or services that have been impaired due to a cyber incident;

recovery time objective (RTO) means the targeted duration of time within which an information system and network must be recovered after a cyber breach;

risk tolerance means the amount and type of risk that an organisation is willing to take in order to meet its strategic objectives; and

third-party service providers means an entity within the group or an external entity, to which the capital market entity has outsourced the outsourced functions, and includes any subsequent service provider(s) to whom the initial service provider has further contracted the outsourced functions.

PART B: GOVERNANCE OF CYBER RISK

Roles and responsibilities of the board

3.1 The board must provide oversight and accord sufficient priority and resources to manage cyber risk, as part of the capital market entity's overall risk management framework.

3.2 In discharging its oversight functions, the board must
(a) ensure that the capital market entity's policies and procedures relating to cyber risk are presented for the board's deliberation and approval;
(b) ensure that the approved cyber risk policies and procedures are implemented by the management;
(c) monitor the effectiveness of the implementation of the entity's cyber risk policies and ensure that such policies and procedures are periodically reviewed and improved, where required. This may include setting performance metrics or indicators, as appropriate, to assess the effectiveness of the implementation of cyber policies and procedures;
(d) ensure that adequate resources are allocated to manage cyber risk, including identifying a responsible person (responsible person) who is accountable for the effective management of cyber risk;
(e) ensure that the management continues to promote awareness on cyber resilience at all levels within the entity;
(f) ensure that the impact of cyber risk is adequately assessed when undertaking new activities, including but not limited to any investment decision, merger and acquisition, adoption of new technology and outsourcing arrangements; and
(g) ensure that the board keeps itself updated and is aware of new or emerging trends of cyber threats, and understands the potential impact of such threats to the entity.

Roles and responsibilities of the management

3.3 Management is responsible for
(a) establishing and implementing cyber risk policies and procedures that commensurate with the level of cyber risk exposure and its impact to the entity. These policies and procedures must take into account the following:
(i) The sensitivity and confidentiality of data which the entity maintains;
(ii) Vulnerabilities of the entity's information systems and operating environment across the entity; and
(iii) The existing and emerging cyber threats.
(b) ensuring that employees, agents (where relevant) and third-party service providers are aware of and understand the cyber risk policies and procedures, the possible impact of various cyber threats and their respective roles in managing such threats;
(c) recommending to the board appropriate strategies and measures to manage cyber risk, including making necessary changes to existing policies and procedures, as appropriate; and
(d) reporting to the board any cyber breaches and periodically updating the board on emerging cyber threats and their potential impact to the entity.

PART C: MANAGEMENT OF CYBER RISK

Cyber risk policies and procedures

4.1 The entity must have in place clear and comprehensive cyber policies and procedures, which commensurate with its risk profile.

4.2 Such policies and procedures must among others include the following:
(a) Clear description of the risk tolerance in relation to cyber risk that is acceptable to the entity, such as occurrence and severity of cyber breaches, the maximum service downtime, recovery time objectives, minimum level of system and services availability, potential negative media publicity, potential regulatory and financial impact or a combination of other measures;
(b) Strategy and measures to manage cyber risk encompassing prevention, detection and recovery from a cyber breach;
(c) Roles, responsibilities and lines of accountability of the board, the board committee, responsible person and key personnel involved in functions relating to the management of cyber risk (such as information technology and security, business units and operations, risk management, business continuity management and internal audit);
(d) Processes and procedures for the identification, detection, assessment, prioritisation, containment, response to, and escalation of cyber breaches for decision-making;
(e) Processes and procedures for the management of outsourcing, system development and maintenance arrangements with third-party service providers, including requirements for such third-party service providers to comply with the entity's information security policy; and
(f) Communication procedures that will be activated by the entity in the event of a cyber breach, which include reporting procedures, information to be reported, communication channels, list of internal and external stakeholders and communication timeline.

Cyber risk measures

4.3 The entity must ensure that comprehensive strategies and measures are in place to manage cyber risk, including prevention, detection and recovery measures.

4.4 Notwithstanding that the operation or maintenance of information assets, systems and network are outsourced to a third-party service provider, the entity remains responsible for ensuring compliance with the requirements in paragraphs 4.5 to 4.19 of these Guidelines.

Prevention

4.5 The entity must conduct regular assessments as part of the entity's compliance programme to identify potential vulnerabilities and cyber threats in its operating environment which could undermine the security, confidentiality, availability and integrity of the information assets, systems and networks.

4.6 The assessment of the vulnerabilities of the entity's operating environment must be comprehensive, including making an assessment of potential vulnerabilities relating to the personnel, parties with whom an entity deals, systems and technologies adopted, business processes and outsourcing arrangements.

4.7 The entity must develop and implement preventive measures to minimise the entity's exposure to cyber risk.

4.8 Preventive measures referred to in paragraph 4.7 above may include the following:
(a) Deployment of anti-virus software and malware programme to detect and isolate malicious code;
(b) Layering systems and systems components;
(c) Building firewalls to reduce weak points through which an attacker can gain access to an entity's network;
(d) Rigorous testing at software development stage to limit the number of vulnerabilities;
(e) Penetration testing of existing systems and networks; and
(f) Use of an authority matrix to limit privileged internal or external access rights to systems and data.

4.9 The entity must ensure that the board, management, employees and agents undergo appropriate training on a regular basis to enhance their awareness and preparedness to deal with a wide range of cyber risks, incidents and scenarios.

4.10 The entity must evaluate improvement in the level of awareness and preparedness to deal with cyber risk to ensure the effectiveness of training programmes implemented.

Detection

4.11 In addition to implementing preventive measures, the entity must continuously monitor for any cyber incidents and breaches within its systems and network.

4.12 The entity must ensure timely detection of and response to cyber breaches within clearly defined escalation and decision-making processes, to ensure that any adverse effect of a cyber incident is properly managed and recovery action is initiated quickly.

4.13 To ensure sufficient preparedness in responding to cyber incidents detected, the entity must
(a) identify scenarios of cyber risk that the entity is most likely to be exposed to;
(b) consider incidents in the capital market and the broader financial services industry;
(c) assess the likely impact of these incidents to the entity; and
(d) identify appropriate response plan and communication strategies that should be undertaken.

4.14 The entity must regularly test, review and update the identified cyber risk scenarios and response plan. This is to ensure that the scenarios and response plan remain relevant and effective, taking into account changes in the operating environment, systems or the emergence of new cyber threats.

4.15 The entity must ensure that cyber breaches detected are escalated to an incident response team, management and the board, in accordance with the entity's business continuity plan and crisis management plan, and that an appropriate response is implemented promptly.

4.16 The entity must report to the SC on any detection of a cyber incident which may have or has had an impact on the information assets or systems of the entity, on the day of the occurrence of the incident. A report submitted to the SC under this paragraph must be made in accordance with the reporting template as provided in Appendix 1.

Recovery

4.17 The entity must ensure that all critical systems are able to recover from a cyber breach within the entity's defined recovery time objective in order to provide important services or some level of minimum services for a temporary period of time.

4.18 The entity must identify the critical systems and services within its operating environment that should be recovered on a priority basis in order to provide a certain minimum level of services during the downtime, and determine how much time the entity will require to return to full service and operations.

4.19 The entity must ensure its business continuity plan is comprehensive and includes a recovery plan for its systems, operations and services arising from a cyber breach.

APPENDIX 1

CYBER INCIDENT REPORTING TEMPLATE

Instructions
1. All entities are required to report a cyber incident or breach to the SC on the day of the occurrence of the cyber incident or breach.
2. Entities are required to complete and submit the form below via email to the SC at [address omitted].
3. The SC may require the affected entities to submit a detailed report on the cyber incident or breach, following the cyber incident or breach reported.

Table 1: Example of incident reporting

1. Contact information
Contact details of the responsible person: Full name; Position; Office phone no.; Mobile no.; Email address
Alternate contact person: Full name; Position; Office phone no.; Mobile no.; Email address
Entity details: Entity name; Entity address; Type of entity (for example, financial institution, participating organisation, exchange); Contact no.; Email address

2. Cyber incident or breach details
Date and time of incident or breach: 1.45 am / 16 August
Details of cyber incident or breach:
- Method of the cyber attack: (i) Distributed Denial of Service (DDoS).
- Duration of the cyber attack: (ii) Approximately 3 hours.

3. Impact to systems, assets or information
Affected hardware: (i) 11 desktop computers at Processing Department and 3 computer servers. (ii) Back office processing of trading transactions terminated.
Affected software: (i) PO-Back End Process System
Affected operating system: (i) Windows 10 (ii) RH Linux ver (iii) Windows Server 10
Impact to stakeholders: (i) Next day client's trading and payment information not updated on the entity's Back Office System. (ii) Possible theft of client's information.
Geographical location and IP address of attacker: (i) Possible IP address [omitted], Eastern Europe

4. Resolution of cyber incident or breach
What are the immediate remedial actions taken to minimise and mitigate risks from the cyber attack?
(i) Internet connectivity was terminated.
(ii) Entity's IT security and vendor were contacted to provide assistance to manage the situation and recommend remedial actions to be taken.
(iii) Investigation on cyber breach is ongoing. More details expected within 24 hours.
What is the current status or resolution of this incident or breach? Resolved / Unresolved

Note: The SC will maintain the confidentiality of data received.


Database Services - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and Database Services t dcument: The technlgy services Database Services prvides t the custmer. The targets fr respnse times, service

More information

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent

More information

International Services Catalog Navigating the Security Landscape from Takeoff to Landing

International Services Catalog Navigating the Security Landscape from Takeoff to Landing Internatinal Services Catalg Navigating the Security Landscape frm Takeff t Landing Cpyright 2013 infrmatin security cnsulting All rights reserved Intrductin Infrmatin security cnsulting (i.s.c.) funded

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

Business Plan 2014-15

Business Plan 2014-15 Cmmissin fr Lcal Administratin in England Business Plan 2014-15 All Business Plan activity is linked t ur fur Strategic Objectives LGO Business Plan 2014-2015 v web 3 Page 1 descriptin 1. Prvide a cmplaints

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

Request for Proposal Technology Services

Request for Proposal Technology Services Avca Schl District 37 Wilmette, IL Request fr Prpsal Technlgy Services Netwrk and Systems Infrastructure Management Services December 5, 2013 Avca Schl District 37 is seeking an IT cnsulting firm t manage

More information

INFRASTRUCTURE TECHNICAL LEAD

INFRASTRUCTURE TECHNICAL LEAD 1. PURPOSE OF POSITION This psitin is respnsible fr the delivery f peratinal supprt and maintenance f the TDHB IT infrastructure envirnment. This rle is als pivtal in the develpment and delivery f infrastructure

More information

The chief executive officer and the chief finance officer are ex-officio members of the board.

The chief executive officer and the chief finance officer are ex-officio members of the board. DATATEC LIMITED BOARD CHARTER / TERMS OF REFERENCE 1. CONSTITUTION The primary bjective f the Cmpany s Bard Charter is t set ut the rle and respnsibilities f the Bard f Directrs ( the Bard ) as well as

More information

10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review

10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review 10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic

More information

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013 Research Reprt Abstract: Advanced Malware Detectin and Prtectin Trends By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm, Senir Prject Manager September 2013 2013 by The Enterprise Strategy Grup,

More information

FINANCE SCRUTINY SUB-COMMITTEE

FINANCE SCRUTINY SUB-COMMITTEE REPORT FOR: PERFORMANCE AND FINANCE SCRUTINY SUB-COMMITTEE Date f Meeting: 6 January 2015 Subject: Staff Survey and Sickness Absence Mnitring Results and Actin plans Respnsible Officer: Scrutiny Lead Member

More information

Software and Hardware Change Management Policy for CDes Computer Labs

Software and Hardware Change Management Policy for CDes Computer Labs Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces

More information

CHANGE MANAGEMENT STANDARD

CHANGE MANAGEMENT STANDARD The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the

More information

ITIL Release Control & Validation (RCV) Certification Program - 5 Days

ITIL Release Control & Validation (RCV) Certification Program - 5 Days ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management

More information

Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

Communicating Deficiencies in Internal Control to Those Charged with Governance and Management Internatinal Auditing and Assurance Standards Bard ISA 265 April 2009 Internatinal Standard n Auditing Cmmunicating Deficiencies in Internal Cntrl t Thse Charged with Gvernance and Management Internatinal

More information

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012 Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.

More information

Health and Safety Training and Supervision

Health and Safety Training and Supervision Intrductin: Health and Safety Training and Supervisin University f Nttingham is cmmitted t maintaining and develping standards f excellence in all aspects f its business. T that end, the University aspires

More information

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager JOB SPECIFICATION FUNCTION JOB TITLE REPORTING TO GRADE WORK PATTERN LOCATION IT & Digital Netwrk Services Analyst Netwrk Services Team Manager Band D Full-time Birmingham TRAVEL REQUIRED Occasinally ROLE

More information

Wire Transfer Request

Wire Transfer Request Wire Transfer Request Requirements and Instructins OFFICE OF DISBURSEMENTS Categry: Dcument Name: Payment Prcessing Wire Transfer Request - Requirements and Instructins Respnsible Department: Office f

More information

Malpractice and Maladministration Policy

Malpractice and Maladministration Policy TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs

More information

Avaya Business Continuity Plan Overview

Avaya Business Continuity Plan Overview Avaya Business Cntinuity Plan Overview 1 Crprate Business Cntinuity Prgram Mdel at Avaya At Avaya the versight f the Business Cntinuity Prgram belngs t the Crprate Business Cntinuity Management Team. This

More information

Help Desk Level Competencies

Help Desk Level Competencies Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

Service Level Agreement

Service Level Agreement Template SDSU-TPL-11085 v1.3 18/1/11 IT Services Service Level Agreement Staff Email and SMTP Accunts (EMSF) Versin: 0.1 01/11/2010 Service Level Agreement: Staff Email and SMTP Accunts (EMSF) Cntents

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

Support Services. v1.19 / 2015-07-02

Support Services. v1.19 / 2015-07-02 Supprt Services v1.19 / 2015-07-02 Intrductin - Table f Cntents 1 Intrductin... 3 2 Definitins... 4 3 Supprt Prgram Feature Overview... 5 4 SLA fr the Supprt Services... 6 4.1 Standard Supprt... 6 4.2

More information

Corporate Standards for data quality and the collation of data for external presentation

Corporate Standards for data quality and the collation of data for external presentation The University f Kent Crprate Standards fr data quality and the cllatin f data fr external presentatin This paper intrduces a set f standards with the aim f safeguarding the University s psitin in published

More information

Médecins Sans Frontières Australia Job Description

Médecins Sans Frontières Australia Job Description Médecins Sans Frntières Australia Jb Descriptin POSITION DESCRIPTION Psitin Lcatin: Reprting t: Supervising: Status: Service Centre Technical Crdinatr Sydney (Bradway) Service Centre Manager N/A 6-mnths

More information

FAYETTEVILLE STATE UNIVERSITY

FAYETTEVILLE STATE UNIVERSITY FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

Army DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012

Army DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012 Army DCIPS Emplyee Self-Reprt f Accmplishments Overview Revised July 2012 Table f Cntents Self-Reprt f Accmplishments Overview... 3 Understanding the Emplyee Self-Reprt f Accmplishments... 3 Thinking Abut

More information

Sample Role Description Immunization Information System (IIS) Testing Analyst

Sample Role Description Immunization Information System (IIS) Testing Analyst Sample Rle Descriptin Immunizatin Infrmatin System (IIS) Testing Analyst Nte: This rle descriptin is meant t ffer sample language and a cmprehensive list f ptential desired respnsibilities with crrespnding

More information

ISMF Standard 141 Endpoint Protection. OCIO/S4.6 Government standard on cyber security

ISMF Standard 141 Endpoint Protection. OCIO/S4.6 Government standard on cyber security ISMF Standard 141 OCIO/S4.6 Gvernment standard n cyber security Prepared by: Office f the Chief Infrmatin Officer Versin: v1.0 Date: 12 September 2014 GOVERNMENT STANDARD ON CYBER SECURITY OCIO/S4.6 Cnfidentiality:

More information

Nuance Healthcare Services Project Delivery Methodology

Nuance Healthcare Services Project Delivery Methodology NUANCE PROFESSIONAL SERVICES Nuance Healthcare Services 2008 Nuance Cmmunicatins, Inc. All rights reserved. Nuance Healthcare Services 1 INTRODUCTION This dcument describes the prject management methdlgy

More information

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012 Research Reprt Abstract: Security Management and Operatins: Changes n the Hrizn By Jn Oltsik, Senir Principal Analyst With Kristine Ka and Jennifer Gahm July 2012 2012, The Enterprise Strategy Grup, Inc.

More information

Chief Finance and Operations Officer IfM Education and Consultancy Services (IfM ECS)

Chief Finance and Operations Officer IfM Education and Consultancy Services (IfM ECS) Chief Finance and Operatins Officer IfM Educatin and Cnsultancy Services (IfM ECS) Rle Summary IfM ECS disseminates the research and educatin utputs f the University f Cambridge Institute fr Manufacturing

More information

Privacy Breach and Complaint Protocol

Privacy Breach and Complaint Protocol Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is

More information

Electronic and Information Resources Accessibility Compliance Plan

Electronic and Information Resources Accessibility Compliance Plan Electrnic and Infrmatin Resurces Accessibility Cmpliance Plan Intrductin The University f Nrth Texas at Dallas (UNTD) is cmmitted t prviding a wrk envirnment that affrds equal access and pprtunity t therwise

More information

BIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements

BIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements BIBH Duty Statements and Gvernance chart reviewed and apprved April 2014 BIBH Executive Gvernance & Management Arrangements BIBH COMMITTEE CEO - Paul O Cnnell Executive Secretary - Brian Firth Executive

More information

Change Management Process For [Project Name]

Change Management Process For [Project Name] Management Prcess Fr [Prject Name] i 1 Intrductin The is fllwed during the Executin phase f the Prject Management Life Cycle, nce the prject has been frmally defined and planned. 1.1 What is a Management

More information