Security Services. Service Description Version Effective Date: 07/01/2012. Purpose. Overview


Security Services
Service Description
Version 1.00
Effective Date: 07/01/2012

Purpose

This Enterprise Service Description is applicable to Security Services offered by the MN.IT Services and described in the MN.IT Services Catalog. This document describes the services and features that are included with the Security Services offering.

Overview

This Service Description includes three distinct Security Services offerings: Access Control to Systems, Security Response and Forensics, and Security Awareness and Training. The sections below provide a description of these services; for additional details, see the applicable Security Services Service Level Agreement document.

Access Control to Systems

The purpose of Access Control to Systems is to create, maintain, and provision identities that may need some level of trusted access to State assets and to manage their associated attributes.

Access Control to Systems is requested through the MN.IT Services Service Desk. Creation of identities is typically performed during the onboarding process. Key service tasks include:

- Establish Identities
- Manage Identities
- Manage encryption keys and security certificates to provide trust for transactions and web sites

Currently, the State of Minnesota manages identities via stand-alone, disparate systems and varied levels of data protection. This approach has led to redundant operations, less than adequate security controls, with wide variances in adherence to and interpretations of security standards, and installations of varied software solutions.

A centralized Identity and Access Management (IAM) Service is being refreshed and we are in the process of migrating the first applications. This initiative aims at implementing an enterprise IAM Service to address these issues.

Access Control to Systems is a broad administrative and technology area that deals with identifying individuals in a system (such as a network or an application) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.

Access management is the enabling service that ensures access is granted to assets; assets such as information, technology, and facilities must be made available (accessible) for use. This requires that persons (employees and citizens), objects (such as systems), and entities (such as business partners) have sufficient (but not excessive) levels of access to these assets.

The challenge of authenticating and managing increased user accounts with the appropriate level of access requires an integrated security framework that addresses aspects of user and role administration, authentication, authorization, and auditing/reporting at an enterprise level.

The conceptual overview below illustrates how the IAM framework provides various services to citizens, employees and business partners.

Figure 1: Identity and Access Management Framework

Figure 1 illustrates the following framework:

- There are three high-level types of users: Citizens, Employees, and Business Partners.
- Through laptops, desktops, or mobile devices, these users access business services such as Education, Transportation, Taxes, License, Health, etc. through various agencies' portals.
- The Shared IAM Service supports the Business Services with: Authentication, Authorization, Federated Approach to IAM Identity Repository, Auditing & Reporting, Directory Services, Self-Service, Delegated Administration, Automatic Provisioning, Simplified Sign-on, and Security & Compliance.

Security Response and Forensics

Security Response and Forensics are professional services that utilize multiple tools to resolve the business issues below. Security Management is a process to stop unwanted activity, limit damage, and prevent recurrence of security events. Computer forensics is a standardized process to determine the cause, scope, and impact of incidents and limit damage that may be used in legal or human resource actions.

Report an

Security Response and Forensics is requested through the MN.IT Services Service Desk.

Security Management Objectives

The service objectives address some specific aspects of the process where the timeliness of a response is critical to the successful management of an incident. Respect for the confidentiality and sensitivity of the investigations, limiting access to information to a need-to-know basis, is paramount to this service. The bulk of the service is approached in a project fashion with designated milestones, where an estimated level of effort (LOE) is provided in labor-hours.

Computer and Data Forensics Objectives

Computer and Data Forensics service is approached as a project with designated milestones, where a LOE is provided in labor-hours when the request is accepted and then refined when the plan is developed. This service can be dependent on resources outside the span of control of the service team; these dependencies are identified in the plan, and can affect the ability to meet the service objectives.

Security Training and Awareness

Security Training and Awareness provides employees at all levels with relevant security information and training to lessen the number of security incidents.

Security Training and Awareness services are requested through the MN.IT Services Service Desk. MN.IT Services can provide training and support in the following areas:

- Generalized Security and Awareness
- Customized Security Awareness and Training for unique requirements
- Online training from the SANS Institute (SysAdmin, Audit, Networking, and Security) Securing the Human

Benefits

Access Control to Systems

- Simplifies User Experience - provides a better experience for users of state services by providing access through fewer user IDs and passwords.
- Reduces Costs - leverages a centralized identity management solution when customers develop/refresh their government systems. Typically, customers have multiple applications that require Access Control to Systems. The service eliminates the need for each customer to manage users for each system. This can be done centrally and done once. In addition, service desk costs can be lowered through self-service account management.
- Improves Security - removes inactive accounts that no longer have a valid owner across all platforms and applications with a single action.
- Simplified Integration - integrate government services and external entities such as business partners.

Security Response and Forensics

Security Response and Forensics customers receive these benefits:

Security professionals will:

- Manage security incident case assignments and the security investigation process with a need-to-know basis
- Mobilize emergency and third party investigation and response processes, when necessary
- Consult with system owners to help quarantine incidents and limit damage
- Consult with HR on violations of appropriate use policy
- Communicate with law enforcement, when necessary

Business issues addressed:

- Customer Specific s
- Denial of Service
- Security Policy Violations
- Malware
- Physical Loss/Theft/Damage
- Unauthorized Access
- Unauthorized Alteration/Destruction
- Unauthorized Disclosure

Security Awareness and Training

Security Awareness and Training customers receive these benefits:

- Compliance with security awareness and training policies

Security professionals will:

- Coordinate general security awareness training for all employees and contractors
- Coordinate security training for groups with specialized needs, such as application developers
- Provide persistent and regular messaging relating to cyber security threats and vulnerabilities

Standard Features

This section describes the standard features of Security Services. Where applicable, customer options are noted, along with feature limits and the responsibilities of MN.IT Services.

Access Control to Systems

- Statewide ID provides a better experience for users of state services by providing access through a single user ID and password. It is much easier for the state and the user to have a single ID to manage the authorization than have multiple user IDs.
- Identity Proofing provides a level of trust for user identities accessing your applications. Using a central identity repository eliminates the need for each customer to perform identity proofing.
- Single Administration Point eliminates the need for each customer to manage identities in multiple places. Inactive accounts can be removed from all platforms and applications with a single action. This can be done centrally and done once.
- Privileged Account management is provided with specialized tools and processes. This ensures system changes can be made whenever necessary without concern for undetected misuse of resources.
- Account Management is provided through the MN.IT Services Service Desk. Service Desk staff ensures password resets are completed per business requirements.
- Security Certificates can be managed by MN.IT Services so systems are secure and the certificates are not expired.

Access Control to Systems Customer Responsibilities

1. Integration and migration technical support is part of the basic service, but the application integration with the IAM Service is the responsibility of the application owner.
2. The customer is responsible for assisting in the operation of the Access Control to Systems Service. These responsibilities are:
   a. Maintain the list of delegated administrators.
   b. Maintain list of citizen, employee, and business partner identities.
   c. Provide MN.IT Services with logging and reporting requirements based on regulatory compliance.
   d. Support disaster recovery testing and declarations.
   e. Maintain contact list to respond to security incidents.

Security Response and Forensics

Security Response and Forensics is responsible for determining the cause, scope, and impact of incidents to stop unwanted activity, limit damage, and prevent recurrence.

Computer and Data Forensics is a standardized process that determines the cause, scope, and impact of incidents that may be used in legal or human resource actions.

Security Management Process

Security Management is a process that is triggered by the detection of an event. When an event is detected this process evaluates the event to determine if a security incident has occurred. The Security Management consists of five processes described on the next page:

Figure 2: Security Management Process Flow (Recording, Validation, Classification, Investigation, Reporting)

Figure 2 illustrates the following process flow:

- Recording includes the contact information and required data to be collected at the time of recording
- Validation includes the processes and tools for validating recorded security events
- Classification includes the definitions and classifications of validated security incidents
- Investigation includes steps and procedures for isolating, eradicating and remediating security incidents
- Reporting includes the required processes for reporting on security incidents

The service objectives address some specific aspects of the process where the timeliness of a response is critical to the successful management of an incident. The bulk of the service however is approached in a project fashion with designated milestones, where an estimated LOE is provided in labor-hours.

Computer and Data Forensics Process

Computer and Data Forensics can be a part of Security Management, but is also offered as a standalone service to support customer-specific incident management, or to provide additional, in-depth collection and analysis of data objects. The computer and data forensics service consists of four processes.

Figure 3: Computer and Data Forensics Process Flow (Initiate Forensics, Assess Situation, Collect and Analyze Data, Reporting)

Figure 3 illustrates the following process flow:

- Initiate Forensics includes the contact information and required data to be collected at time of recording
- Assess Situation includes ensuring the information is complete, establishing the legal authority, and developing the scope and the plan.
- Collect and Analyze Data includes gathering and analyzing all of the pertinent data.
- Reporting includes the creation and issuance of the final report

Security Response and Forensics Customer Responsibilities

The success of incident management is predicated on the timeliness of the identification and notification of a security event. It is the customer's responsibility to contact the MN.IT Services Service Desk promptly to initiate the security incident management process.

Security Awareness and Training

Security Awareness and Training is responsible for providing employees at all levels with relevant security information and training to lessen the number of security incidents.

Security Awareness and Training Service Features are:

- Security Awareness and Training content developed and made available
- Coordinate and provide training for:
  - All employees and contractors
  - Groups with specialized needs, such as application developers
  - Special events such as: National Cyber Security Awareness Month
- Provide persistent and regular messaging relating to cyber security threats and vulnerabilities

Security Awareness and Training Customer Responsibilities

When the customer has a training requirement, the customer has the responsibility to contact MN.IT Services.

Related Information

- Minnesota Statutes 2011 Chapter 16E (Office of Enterprise Technology)
- Minnesota Statutes 2011 Chapter 13, Minnesota Data Practices Act
- Enterprise Technology Fund 970 Rate Schedule
- Enterprise Information Security Policies and Standards on MN.IT website
- Operational documents / information on MN.IT website
- Security Services Service Level Agreement
- Identification and Authentication Security Standard
- Identity and Access Management Architecture Standards
- Information Security Management Standard
- Information Security Management Policy
- Information Security Management Process Overview
- Computer and Data Forensics Process Overview

Section 7 Information Security


More information

Presentation: The Demise of SAS 70 - What s Next?

Presentation: The Demise of SAS 70 - What s Next? Presentatin: The Demise f SAS 70 - What s Next? September 15, 2011 1 Presenters: Jeffrey Ziplw - Partner BlumShapir Jennifer Gerasimv Senir Manager Delitte. SAS 70 Backgrund and Overview Purpse f a SAS

More information

Good Secure Collaboration Suite Quickstart Program Description ( Quickstart Program Description )

Good Secure Collaboration Suite Quickstart Program Description ( Quickstart Program Description ) Gd Secure Cllabratin Suite Quickstart Prgram Descriptin ( Quickstart Prgram Descriptin ) This dcument includes all attached Annexes, is prvided fr infrmatinal purpses nly, and des nt in itself cnstitute

More information

AHLA. C. Big Data, Cloud Computing and the New World Order for Health Care Privacy

AHLA. C. Big Data, Cloud Computing and the New World Order for Health Care Privacy AHLA C. Big Data, Clud Cmputing and the New Wrld Order fr Health Care Privacy Marti Arvin Chief Cmpliance Officer UCLA David Geffen Schl f Medicine Ls Angeles, CA Kirk J. Nahra Wiley Rein LLP Washingtn,

More information

Remote Working (Policy & Procedure)

Remote Working (Policy & Procedure) Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer

More information

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This

More information

Intel Hybrid Cloud Management Portal Update FAQ. Audience: Public

Intel Hybrid Cloud Management Portal Update FAQ. Audience: Public Intel Hybrid Clud Management Prtal Update FAQ Audience: Public Purpse: Prepare fr the launch f the Intel Hybrid Clud Platfrm multi-user/multi-tier update Versin: Final FAQs What s new in the Intel Hybrid

More information

FAYETTEVILLE STATE UNIVERSITY

FAYETTEVILLE STATE UNIVERSITY FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

POSITION NUMBER: LOCATION: Vancouver. DATE: February 2009

POSITION NUMBER: LOCATION: Vancouver. DATE: February 2009 POSITION TITLE: Team Lead Service Centre DIVISION/BRANCH: IS/IT CURRENT CLASSIFICATION LEVEL: IS27 SUPERVISOR S POSITION NUMBER POSITION NUMBER: LOCATION: Vancuver DATE: February 2009 SUPERVISOR S TITLE/CLASSIFICATION:

More information

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend

More information

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins

More information

LINCOLNSHIRE POLICE Policy Document

LINCOLNSHIRE POLICE Policy Document LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area

More information

Date: October 24, 2013 Code: TECHNICAL LETTER HR/EHDB 2013-05. Common Human Resources System (CHRS) Security Plan and Requirements - Policy Guidelines

Date: October 24, 2013 Code: TECHNICAL LETTER HR/EHDB 2013-05. Common Human Resources System (CHRS) Security Plan and Requirements - Policy Guidelines Office f the Chancellr 401 Glden Shre, 4 th Flr Lng Beach, CA 90802-4210 562-951-4411 email: hradmin@calstate.edu Date: Octber 24, 2013 Cde: TECHNICAL LETTER HR/EHDB 2013-05 T: Human Resurces Officers

More information

Following steps are required for hosting of Web Site/ Web Application on NIC Cloud

Following steps are required for hosting of Web Site/ Web Application on NIC Cloud Natinal Infrmatics Centre Web Hsting Internal Dcument Fllwing steps are required fr hsting f Web Site/ Web Applicatin n NIC Clud 1. URL registratin t be dne by the user. 2. Submit yur request n "Get NIC

More information

Enhanced Enterprise Mobility Assessment Program Description

Enhanced Enterprise Mobility Assessment Program Description Enhanced Enterprise Mbility Assessment Prgram Descriptin NOTE: This dcument is prvided fr infrmatinal purpses nly, and des nt in itself cnstitute a binding legal dcument. BlackBerry assumes n respnsibility

More information

Customer Support & Software Enhancements Policy

Customer Support & Software Enhancements Policy Custmer Supprt & Sftware Enhancements Plicy Welcme t Manhattan Assciates Custmer Supprt Organizatin (CSO). Staying current n Custmer Supprt & Sftware Enhancements and n a supprted versin f the licensed

More information

Organisational self-migration guide an overview V1-5 April 2014

Organisational self-migration guide an overview V1-5 April 2014 Organisatinal self-migratin guide an verview V1-5 April 2014 Cpyright 2013, Health and Scial Care Infrmatin Centre. 1 Self Migratin t NHSmail an verview fr rganisatins Cntents Intrductin 3 1. Initial preparatins

More information

General Information Project Title. Enterprise Service Management Reporting 7/3/2012 Project Manager Phone Email

General Information Project Title. Enterprise Service Management Reporting 7/3/2012 Project Manager Phone Email Prject Charter General Infrmatin Prject Title Date Enterprise Service Management Reprting 7/3/2012 Prject Phne Email Jdi Muller 415.476.2821 Jdi.Muller@ucsf.edu Executive Spnsr Phne Email Opinder Bawa

More information

Introduction to Mindjet MindManager Server

Introduction to Mindjet MindManager Server Intrductin t Mindjet MindManager Server Mindjet Crpratin Tll Free: 877-Mindjet 1160 Battery Street East San Francisc CA 94111 USA Phne: 415-229-4200 Fax: 415-229-4201 mindjet.cm 2013 Mindjet. All Rights

More information

NERC-CIP Cyber Security Standards Compliance Documentation

NERC-CIP Cyber Security Standards Compliance Documentation Cmpliance Dcumentatin Briv OnAir 8/3/20154 Page 2 Overview This dcument is intended t be the primary surce f infrmatin fr Briv s cmpliance with the Nrth America Electric Reliability Crpratin (NERC) reliability

More information

STANDARDISATION IN E-ARCHIVING

STANDARDISATION IN E-ARCHIVING STANDARDISATION IN E-ARCHIVING R E Q U I R E M E N T S A N D C O N T R O L S F O R D I G I T I S AT I O N A N D E - A R C H I V I N G S E R V I C E P R O V I D E R S Alain Wahl 1 Requirements and cntrls

More information

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse

More information

Helpdesk Services at the Executive Office of Energy and Environmental Affairs is defined as follows:

Helpdesk Services at the Executive Office of Energy and Environmental Affairs is defined as follows: 5. Helpdesk Services 5.1 Sectin Overview This sectin f the plan defines Helpdesk Services at EOEEA as well as the key ratinale and benefits f cnslidating Helpdesk Services. Descriptins f the baseline current

More information

Plus500CY Ltd. Statement on Privacy and Cookie Policy

Plus500CY Ltd. Statement on Privacy and Cookie Policy Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and

More information

Enterprise Security Management CIS 259

Enterprise Security Management CIS 259 Enterprise Security Management CIS 259 Prerequisites CIS 175 Descriptin This curse is designed t cver the managerial aspects f cmputer security and risk management fr enterprises. The student will attain

More information

Request for Proposal Technology Services

Request for Proposal Technology Services Avca Schl District 37 Wilmette, IL Request fr Prpsal Technlgy Services Netwrk and Systems Infrastructure Management Services December 5, 2013 Avca Schl District 37 is seeking an IT cnsulting firm t manage

More information

Systems Load Testing Appendix

Systems Load Testing Appendix Systems Lad Testing Appendix 1 Overview As usage f the Blackbard Academic Suite grws and its availability requirements increase, many custmers lk t understand the capability f its infrastructure. As part

More information

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin

More information

Interworks Cloud Platform Citrix CPSM Integration Specification

Interworks Cloud Platform Citrix CPSM Integration Specification Citrix CPSM Integratin Specificatin Cntents 1. Intrductin... 2 2. Activatin f the Integratin Layer... 3 3. Getting the Services Definitin... 4 3.1 Creating a Prduct Type per Lcatin... 5 3.2 Create Instance

More information

Managed Services. Request for Proposal. February 19, 2014. Version 1.1

Managed Services. Request for Proposal. February 19, 2014. Version 1.1 Managed Services Request fr Prpsal February 19, 2014 Versin 1.1 1 Cntents 1 Overview...3 Abut Cnnect fr Health Clrad (C4HCO)...3 Overview and backgrund infrmatin:...3 List f remte managed services bth

More information

Credit Report Reissue Recommendation TABLE OF CONTENTS

Credit Report Reissue Recommendation TABLE OF CONTENTS T: Credit Reprting Wrkgrup Frm: Mike Bixby (305) 829-5549 MBixby@LandAm.cm Paul Wills (770) 740-7353 Paul.Wills@Equifax.cm Date: February 13, 2007 Re: Credit Reprt Reissue Recmmendatin The MISMO Credit

More information

REQUEST FOR PROPOSAL SECURITY SERVICES

REQUEST FOR PROPOSAL SECURITY SERVICES REQUEST FOR PROPOSAL SECURITY SERVICES Sectin I INTRODUCTION [Cmpany] is seeking prpsals frm qualified Cntractrs t prvide unifrmed security service fr [Cmpany] facilities at [Lcatin(s)]. This dcument is

More information

CCISO. Qualifying areas under Domain 1 include (but are not limited to) the following:

CCISO. Qualifying areas under Domain 1 include (but are not limited to) the following: CCISO Ttal Duratin: 10 Days, 80 Hurs Dmain 1: Gvernance Qualifying areas under Dmain 1 include (but are nt limited t) the fllwing: Define, implement, manage and maintain an infrmatin security gvernance

More information

Process of Setting up a New Merchant Account

Process of Setting up a New Merchant Account Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am

More information

BYOD and Cloud Computing

BYOD and Cloud Computing BYOD and Clud Cmputing AIIM First Canadian Chapter May 22, 2014 Susan Nickle, Lndn Health Sciences Centre Chuck Rthman, Wrtzmans Sheila Taylr, Erg Infrmatin Management Cnsulting Clud cmputing Agenda What

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information

Privacy Breach and Complaint Protocol

Privacy Breach and Complaint Protocol Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

Cloud Services Frequently Asked Questions FAQ

Cloud Services Frequently Asked Questions FAQ Clud Services Frequently Asked Questins FAQ Revisin 1.0 6/05/2015 List f Questins Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? What experience des Caradigm have hsting prducts like

More information