Sample Corporate Mobile Device Acceptable Use and Security Policy

Size: px
Start display at page:

Download "Sample Corporate Mobile Device Acceptable Use and Security Policy"

Transcription

1 Sample Crprate Mbile Device Acceptable Use and Security Plicy BYOD plicy template made publicly available by a Frtune 1000 Insurance Cmpany CISO WISEGATE MEMBER CONTENT Ranch Rad 620 Suth # Austin, Texas

2 Table f Cntents Intrductin... 3 Plicy Develpment Prject Intrductin... 4 Material Under Review r Develpment... 4 Active Plicy... 4 Objective and Scpe... 4 Plicy Develpment Team... 4 End-User Plicy... 5 Plicy Artifact... 5 Technical Plicy... 9 Secure Cnfiguratin Plicy Blackberry Device Supprt Apple Device Supprt Andrid Device Supprt Mbile Device Applicatin Develpment General Infrmatin Security Cntrls Key Reference Artifacts Scializatin and Cmmunicatin Plan RACI Rle Definitins Review Ladder Authrizatin Cmmunicatins and Publishing Plan Cnclusin Wisegate. All Rights Reserved. The infrmatin cntained in this publicatin has been btained frm surces believed t be reliable. Wisegate disclaims all warranties as t the accuracy, cmpleteness r adequacy f such infrmatin and shall have n liability fr errrs, missins r inadequacies in such infrmatin. This publicatin cnsists f the pinins f Wisegate members and shuld nt be cnstrued as statements f fact. The pinins expressed herein are subject t change withut ntice. Sample Crprate Mbile Device Acceptable Use and Security Plicy 2

3 Intrductin As the markets fr smart phnes and tablet cmputers have explded in the past few years, mst rganizatins are grappling with hw t explit these cnsumer-riented devices in a business cntext while mitigating the security risks that can result frm their use. In fact, this is prbably ne f yur ht buttns right nw. Like yu, the Wisegate members and their teams are tackling this urgent issue, trying t develp and implement sund plicies and practices pertaining t BYOD, r bring yur wn device. With exclusive access t a vetted grup f senir-level IT security prfessinals, Wisegate members are able gain insights int what their peers are ding and learn frm their successes and failures. This sample Crprate Mbile Device Acceptable Use and Security Plicy, is an example f Wisegate member cntent that is typically shared nly between Wisegate members. Originally develped by a Wisegate member CISO frm a Frtune 1000 Insurance cmpany, the sample Crprate Mbile Device Acceptable Use and Security Plicy cntained in the fllwing pages, nt nly prvides an inside view int hw thers cmpanies are appraching the plicy challenges presented by BYOD, but will als save yu frm the time cnsuming and nerus prcess f creating yur wn plicy frm scratch. Wisegate Membership Has Its Advantages Learn hw yur peers use Wisegate t cnduct research and trade IT knwledge. Wisegate members are sme f the mst experienced IT and security executives and managers in the wrld. They wrk fr multi-natinal crpratins, educatinal institutins, gvernment and nn-prfit agencies acrss virtually every majr industry. Because f their psitins and levels f respnsibility, Wisegate members are ften n the frefrnt f addressing new issues and challenges related t the use f infrmatin technlgy and the prtectin f enterprise data and they trade the knwledge they ve gained thrugh experience using Wisegate. Sharing the Wisdm f IT Experts» Wisegate desn t allw vendrs, analysts r IT rkies jin.» 100% f members are senir-level (IT executive, directr r manager).» 89% f members have 16+ years experience in IT. Schedule yur tur wisegateit.cm/resurces/bk-a-tur Wisegate Member Cntent 3

4 Plicy Develpment Prject Intrductin The purpse f this dcument is t facilitate the develpment and review f Crprate Infrmatin Security Plicies, Standards, Prcedures and ther cntrl matter relevant t Crprate infrmatin security psture. Material Under Review r Develpment A descriptin f the cntrl material (plicy, standard, prcess, guideline, directive, etc.) under review. Mbile Device Acceptable Use & Security Plicy Active Plicy The written material actively affecting cntrl. This is typically a plicy, standard, prcess, guideline, directive, etc. User Plicy Smartphne Acceptable Use Plicy versin XX. (link t published material) Cnfiguratin Plicy 7.08 Wireless Device Cmmunicatins and Cnnectivity. (link t published material) Objective and Scpe The bjective is t endrse and enable fr Crprate business use: Persnally wned mbile devices Crprate wned mbile devices Plicy Develpment Team Member Rle Prject Facilitatin; Research; Plicy Release Candidate Preparatin Advisr: Infrmatin Security SME; CISO Technical Operatins ITS ITS CIO; Plicy Apprval Sample Crprate Mbile Device Acceptable Use and Security Plicy 4

5 End-User Plicy Plicy Artifact This sectin cntains the plicy cntent that will be published t all emplyees. Plicy Title Existing SmartPhne Acceptable Use Plicy New Mbile Device Acceptable Use and Security Plicy Purpse The purpse f this plicy is t establish the criteria gverning the authrized use f persnal r crprate wned smartphne and tablet (mbile) devices where the wner has established access t the Cmpany s Systems enabling them t send and receive wrk related e mail messages and cnduct ther cmpany business. Plicy Statement Emplyees may use apprved persnally wned and crprate wned mbile devices t access the Cmpany messaging system and the apprved Crprate wireless netwrk as necessary in the curse f their nrmal business rutines in supprt f the Cmpany's published gals and bjectives. User Respnsibility General User agrees t a general cde f cnduct that recgnizes the need t prtect cnfidential data that is stred n, r accessed using, a mbile device. This cde f cnduct includes but is nt limited t: Ding what is necessary t ensure the adequate physical security f the device Maintaining the sftware cnfiguratin f the device bth the perating system and the applicatins installed. Preventing the strage f sensitive cmpany data in unapprved applicatins n the device. Ensuring the device s security cntrls are nt subverted via hacks, jailbreaks, security sftware changes and/r security setting changes Reprting a lst r stlen device immediately Wisegate Member Cntent 5

6 Persnally Owned Devices The persnal smartphne and tablet devices are nt centrally managed by Crprate IT Services. Fr this reasn, a supprt need r issue related t a persnally wned device is the respnsibility f the device wner. Specifically, the user is respnsible fr: Settling any service r billing disputes with the carrier Purchasing any required sftware nt prvided by the manufacturer r wireless carrier Device registratin with the vendr and/r service prvider Maintaining any necessary warranty infrmatin Battery replacement due t failure r lss f ability t hld a charge Backing up all data, settings, media, and applicatins Installatin f sftware updates/patches Device Registratin with Crprate IT Services Crprate Owned Devices Crprate wned smartphne and tablet devices are centrally managed by Crprate IT Services. Specifically, the user is respnsible fr: Installatin f sftware updates Reprting lst r stlen device immediately Crprate IT Services Supprt Respnsibility The fllwing services related t the use f a persnal smartphne r tablet are prvided by Crprate IT Services:» Enabling the device t access the web-based interface f the system. This is a default capability. Persnal device registratin is nt required.» Enabling the device t access the web-based applicatin system. This is a default capability. Persnal device registratin is nt required.» , Calendar and Cntact Sync service cnfiguratin. Persnal device registratin is required.» Wi-Fi Internet Access cnfiguratin. This service is limited t the facility. Persnal device registratin is required. Persnal will nt sync when cnnected t the Cmpany netwrk.» Devices nt cmpliant with secure cnfiguratin standards will be unsubscribed frm Mbile Device services. Sample Crprate Mbile Device Acceptable Use and Security Plicy 6

7 Access Registratin Requirement T cmply with this plicy the mbile device user must agree t:» Register the device via Crprate place. Wrk Tls, Self Service Tls, Services Request Frms, Technlgy Service Center Frm, Mbile Device Plicy Acceptance.» Device reset and data deletin rules belw.» Device must be encrypted r user must purchase sftware t ensure data n the device is encrypted.» Installatin f Mbile Device Management slutin n the device (prvided by Crprate IT Services).» Acceptance f Crprate Mbile Device Acceptable Use and Security Plicy (this plicy). Security Plicy Requirements The user is respnsible fr securing their device t prevent sensitive data frm being lst r cmprmised and t prevent viruses frm being spread. Remval f security cntrls is prhibited. User is frbidden frm cpying sensitive data frm , calendar and cntact applicatins t ther applicatins n the device r t an unregistered persnally wned device. Security and cnfiguratin requirements:» Sensitive data will nt be sent frm the mbile device. Secur services will be utilized in such cases.» The device perating system sftware will be kept current.» The data n the device will be remved after 10 failed lgn attempts.» The device will be cnfigured t encrypt the cntent.» The device will be cnfigured t segregate crprate data frm persnal data.» User agrees t randm spt checks f device cnfiguratin t ensure cmpliance with all applicable Crprate infrmatin security plicy. Wi-Fi Access t Crprate Netwrk Users wh cnnect t the Cmpany Wi-Fi netwrk with a persnally wned device will be allwed access t Crprate systems and resurces available via the Internet. Wisegate Member Cntent 7

8 Blackberry Phnes Blackberry users wh cnnect t the Cmpany System can have the security settings autmatically enabled n their device thrugh the Blackberry Security Plicy. This is highly recmmended. Other benefits f cnnecting t the Cmpany System via the Cmpany Blackberry Enterprise Server include:» Autmatic backup» Autmatic cmpliance» Autmatic encryptin» Blackberry t blackberry text messaging» Peace f mind. Crprate will ensure the device is prperly cnfigured and if yu shuld ever lse it yu will have nly t reprt the incident, get a replacement phne and have the cnfiguratin backup restred t the new device. Lss, Theft r Cmprmise If the device is lst r stlen, r if it is believed t have been cmprmised in sme way, the incident must be reprted immediately by cntacting Physical Security, the Technlgy Service Center r a member f the user s management team. Cmpany s Right t Mnitr and Prtect The Cmpany has the right t, at will:» Mnitr Crprate messaging systems and data including data residing n the user s mbile device» Mdify, including remte wipe r reset t factry default, the registered mbile device cnfiguratin remtely Device Reset and Data Deletin Device user understands and accepts the Cmpany data n the device will be remved remtely under the fllwing circumstances:» Device is lst, stlen r believed t be cmprmised» Device is fund t be nn-cmpliant with this plicy» Device inspectin is nt granted in accrdance with this plicy» Device belngs t a user that n lnger has a wrking relatinship with the Cmpany. Nte: the selective wipe capability is available fr IOS based devices nly. BlackBerry OS based devices will be reset t the factry default.» User decides t un-enrll frm the Mbile Device Plicy and Management slutin Sample Crprate Mbile Device Acceptable Use and Security Plicy 8

9 Enfrcement Any user fund t have vilated this plicy may be subject t disciplinary actin, including but nt limited t:» Accunt suspensin» Revcatin f device access t the Cmpany System» Data remval frm the device» Emplyee terminatin Technical Plicy This sectin reflects changes needed t existing technical plicy material. Data Segregatin n mbile devices Crprate data must be kept separate frm persnal data Apprved Technlgy All wireless LAN access prvisined t the Cmpany Netwrk must use crprateapprved vendr prducts and security cnfiguratins. Crprate wned assets, and thse explicitly allwed per the Mbile Device Plicy, are the nly devices that can be apprved and authrized fr use n the Cmpany Netwrk. Hme-based wireless netwrks are nt supprted by the Cmpany. If a hmebased wireless netwrk is encrypted using WPA r later Crprate equipment may be cnfigured fr access t the netwrk. Wisegate Member Cntent 9

10 Secure Cnfiguratin Plicy Blackberry Device Supprt Blackberry OS based smartphne and tablet devices are supprted at this time. Apple Device Supprt» Apple IOS based smartphne and tablet and ituch devices are supprted at this time.» Only IOS Versin 5 devices are supprted at this time Un-tethered Jailbreak Risk Risk and Cmpensating Cntrl: T address the risk f an un-intentinal jail break resulting in data cmprmise n versin f the IOS knwn t be susceptible t a nntethered jailbreak explitatin will be allwed t remain subscribed t the Cmpany Mbile Media services. Andrid Device Supprt Andrid devices are nt supprted at this time. (Mre Infrmatin) Andrid Risk Infrmatin The Andrid s biggest iphne differentiatr is its penness. The Andrid perating system is mre custmizable; its applicatin mdel mre pen and its app distributin apprach is much less restrictive (including a lwer apprval bar in the Andrid Market while als allwing apps t be prliferated utside f the market). That freedm pens the dr t ptential and actual security prblems. What ther cmpanies are ding and why» Earlier this year Ggle COMPANY X was frced t pull mre than 50 Andrid apps that reprtedly were nt nly infected with malware but were stealing user data frm devices.» COMPANY Y recently remved Andrid device supprt fr the Enterprise fr security reasns.» COMPANY Z des nt supprt Andrid fr security issues with the applicatin ecsystem and because f platfrm insecurities. Sample Crprate Mbile Device Acceptable Use and Security Plicy 10

11 Mbile Device Applicatin Develpment This plicy des NOT address applicatin develpment r deplyment f custm built applicatins t a mbile device. General Infrmatin Security Cntrls Intrductin The mass-adptin f bth cnsumer and crprate wned mbile devices has increased emplyee prductivity but has als expsed the Cmpany t new security risks. Current cntrl technlgies may be insufficient t prtect the enterprise assets that regularly find their way nt devices. Cmplicating the security picture is the fact that virtually all f tday s mbile devices perate in an ecsystem, much f it nt cntrlled by the Cmpany. Devices cnnect and synchrnize ut-f-the-bx with third-party clud services and cmputers whse security psture is ptentially unknwn and utside f the Cmpany s cntrl. Cntrl Risks While the decisin t allw emplyees t use mbile and persnal devices, t imprve prductivity and wrk efficiency, the Cmpany is ding s ever-aware f the risks utlined belw: Sensitive Data Expsure Expsing sensitive data. As emplyees use mre and different mbile devices in varius settings, they are mre likely t lse thse devices r have them stlen. Malware Intrducing malware t the Cmpany netwrk. It is already difficult t maintain netwrk security with standardized devices via cntrlled access. Fr this reasn the Cmpany has screened the multitude f nn-standardized devices end-users might wish t cnnect t the Cmpany netwrk and selected slutins that enable bth flexibility and essential cntrls. C-Mingling Crprate and Persnal Data Greater need t cntrl netwrk access and ensure data privacy. When emplyees leave an rganizatin, r they lse a mbile device, The Cmpany needs t quickly terminate netwrk access and restrict access t crprate data residing n the device. Wisegate Member Cntent 11

12 Crprate Data Segmentatin and Encryptin Crprate data must be prtected and segmented at all times frm the emplyee's persnal data stred n the device. Initial Service Cntrl Features and Plicy Essential Access Cntrls The essential basic access cntrls are supprted Passwrd Strength Inactive Device Lckut Encryptin Remte Data Remval Web Applicatin Access Outlk Web Access Crprate Applicatins Prtal available via Citrix Native Sync Enabled Users enjy the native applicatin experience. Allwing mbile devices t access Crprate systems thrugh the native applicatin is ideal because the native applicatin is designed fr the mbile device frm factr. Frcing smene t read using a web-based interface falls shrt f the user s expectatin. Sme security slutins require using web-based access t r a secnd nn-native applicatin. The Cmpany plicy enables the use f the native applicatin giving the user the rich functinality they expect. Risk: The Native IOS applicatin allws unintentinal and malicius mvement f t and frm the Cmpany BPOS accunt and any persnal accunts. Cmpensating Cntrl: The prblem f data leakage between accunts n the device is mitigated by the IOS 5.0 release and leveraged via the Mbile Device Management (MDM) system. MDM plicy will prevent mving directly between accunts. Secure Send feature Nt Supprted Secure feature nt supprted n mbile devices Initial and Annual cmmunicatins f acceptable use must be cmmunicated t the service user base Sample Crprate Mbile Device Acceptable Use and Security Plicy 12

13 Web Filtering Limited Supprt Web filtering services are available n a mbile device at this time nly if the device is accessing the Internet via the Cmpany Wi-Fi netwrk. WiFi Access t Internal Resurces - Limited Qualified persnal devices are allwed t leverage the Cmpany netwrk t access Internet based services Access t the Cmpany s Wi-Fi netwrk has been cnfigured t enable a mbile device (crprate wned r persnal) t cnnect, in a lgically segregated and secured way (cntrlled) way, t the Cmpany crprate netwrk. Only Crprate resurces already available via the Internet are accessible. Persnal access via SMTP n any Crprate Wi-Fi netwrk is nt supprted Mbile Device Management Mbile Device Management (MDM) slutins are the fundatin f a secure mbile device deplyment. MDM makes cnfiguratin cntrl pssible. Risk: MDM slutins are nt necessarily security-centric and d nt typically cver all the security fundamentals. The MDM tls reality is that mst Mbile Device Management slutins prvide a set f capabilities that address nly sme f the security prblems presented by Mbile Devices. Cmpensating Cntrl: The essential MDM use cases such as enfrcing a pass cde, encryptin f stred data and wiping a device if it gets lst are being fulfilled by the MDM vendr selected by the Cmpany. Crprate and persnal data separatin Crprate data will be kept separate frm persnal data. User Awareness f Their Respnsibilities All authrized mbile device users will be reminded every six mnths f their respnsibilities. Wisegate Member Cntent 13

14 Abut Persnal Data Access General Cuncil wishes t understand what access Crprate has t persnal data n a persnal device. Can Crprate mnitr r bserve the data? NO, we have the ability t mnitr encryptin, security cntrls, installed applicatins, app distributin, MDM prfiles, Device Jailbrken, but nt data with exceptin f Crprate cnfigured ( , calendar, cntacts). Is this access limited t deletin nly? YES, all Crprate cnfigured data is remved nce un-enrlled frm MDM r reset t factry default.(this excludes any data manually mved t ther applicatins n the device by the user). Cmpliance and Reprting Cmpliance and Security Reprting The security slutin must be able t reprt what cntrls plicy has been deplyed, that a device is nt rted r Jailbrken and that plicy cntrls applied are in still in place. Thinking f a mbile device as if it were a laptp r a persnal cmputer als requires ne t knw if the SD card is encrypted, r if any anti-malware cntrls are current and running r if smene is accessing illicit web cntent. The selected cntrls t enfrce security plicies n mbile devices must meet these requirements if the Cmpany is t maintain the current infrmatin security psture. Detectin and Preventin f Data Leaks Data seeping r leaking frm/t persnally wned devices remains a realm f cntrl cncern. This is true fr MDM slutins including the slutin selected by the Cmpany. It is pssible, even with the selected cntrl sftware in place, t experience data and malware leakage t and frm mbile devices thrugh the native iphne/ipad client. This means and attachments cntaining sensitive data (PII, M&A futures, Medical claims dialg, etc.) can mve frm a Crprate managed system t a nn- Crprate system easily and intuitively. This exfiltratin/infiltratin f data can be unintentinal r malicius. The Apple IOS 4.x Mail applicatin makes it simple t file an frm a Crprate accunt t a persnal Yah r Gmail accunt and vice versa. There are n cntrls in place t prevent this. In fact the applicatin is designed t enable this t make management f multiple accunts easier fr the mbile device user. Sample Crprate Mbile Device Acceptable Use and Security Plicy 14

15 It is assumed that mbile device cntrls will be enhanced t address this prblem when the technical means t d s is viable. Fr example, preliminary reprts exist that the next majr Apple IOS release, Versin 5.0, will n lnger allw this t ccur. Similarly, there may, in the future, be an imprvement t the mbile device management sftware system used by the Cmpany that can cntrl this thrugh cnfiguratin cntrls. Update: the Cmpany MDM slutin will prvide file transfer preventin under ios5. Supprt fr pre-ios5 will be suspended fllwing the availability f ios versin 5. Patch Management Security patching is fundamental in the Desktp and Server Management spaces and are required in rder t clse vulnerabilities as they are discvered and befre they are explited. Sme relief cmes frm the OS vendrs wh are suppsed t keep yur device current. The vendr selected by the Cmpany has a way t patch a device, t reslve vulnerability quickly and ensure these devices remain cmpliant with cmpany security patch management plicy. Archival f Text Messages - Limited Crprate requirements dictate archiving f all s and SMS messages sent frm a device used t cnduct Crprate business. This capability is simply nt in place. The deplyment team will address the need fr users t be educated abut the apprpriate use f texting apps. It is assumed that mbile device cntrls will be enhanced t address this prblem when the technical means t d s is viable. Update: This capability is simply nt in place fr SMS messages but is in place fr all thrugh ur standard EHA archival system. Malware Cntrl Inevitable malware threats remain a cncern n all cmputing platfrms. Mbile devices are nt alne here. The Apple IOS prvides a sftware quality ecsystem and applicatin sandbxing t cunter this threat t sme extent. If an applicatin in the Apple App Stre is discvered t be malware, Apple has the ability t kill the applicatin and remve it frm the installed base. This is a significant deterrent t a wuld-be iphne/ipad malware writer. What is the pint f writing malware if the planet s ppulatin f IOS devices can be cleaned f it in the span f 24 hurs nce discvered? Wisegate Member Cntent 15

16 The Apple IOS als emplys a cncept knwn as applicatin sandbxing which makes it impssible fr ne applicatin t invade the dmain f anther. Ggle OS based devices d nt prvide an equal level f prtectin against rgue sftware r malware. As such, nly IOS and Blackberry devices are included in this plicy at this time. Plicy Management - Limited Capabilities in the Plicy Management realm are lack luster fr mbile devices in general. It is a plus that Apple IOS limits what can be dne between applicatins (as mentined in the Malware sectin abve). A cmparative few (apprximately 20) plicy cntrl pints exist fr ActiveSync (amng which few are actually cnsidered useful) n mbile devices. Cmparatively, there is a myriad f plicy attributes and actins that can be applied t a Laptp device r t a BlackBerry device. It is assumed that mbile device cntrls will be enhanced t address this prblem when the technical means t d s is viable. Deferred Cntrl Features and Plicy Devices Nt Supprted The fllwing device platfrms and related variants are nt supprted at this time: Andrid OS (under review) Symbian OS Nkia Maem/Meeg Micrsft Windws Mbile Micrsft Windws Phne Samsung/Bada Sny Ericssn Mtrla O2 Palm OS Audivx Any platfrm nt explicitly named in the Multiple Device Platfrms Allwed sectin f this dcument. Sample Crprate Mbile Device Acceptable Use and Security Plicy 16

17 Self Service Device Management Enrllment f Persnal Devices Wipe f Lst r Stlen Devices Passcde Reset Device Lcatr (where did I put that?) Backup and Recvery What is the respnsibility the user has fr backing up data? What is the state f Crprate data that resides in a device backup file? Can Crprate data in a device backup file be restred withut the plicy versight? Applicatin Restrictins Games Gambling Instant Messaging Clients Prngraphy Guns Data Lss and Leak Preventin Frensics and Litigatin Supprt Services Cntrls Cmpliance Testing and Reprting Manual Autmatic Applicatin Prvidence Signed by Vendr Cntrl Validatin Testing Are the plicies translating int effective cntrls, especially when cntrl requires user actin? Clarificatin / Cntrl Testing Prcess? Internatinal Travel Rules What are the users respnsibilities when traveling utside the Cmpany? What are the high-risk cuntries? Pst trip practices? Wipe? Rebuilt? Dispse f? Applicatin Sandbxing Andrid Devices Are Andrid based device applicatins segmented frm each ther? N Wisegate Member Cntent 17

18 Baseline Security Psture Mnitring and Cntrl The Cmpany currently inspects nn-crprate laptps t determine the device's security psture befre allwing LAN r Wi-Fi netwrk access. The equal level f scrutiny is difficult t apply when inspecting a smartphne r tablet device. This makes it difficult t ratinalize sme levels f access that nrmally wuld be based n thse checks. With mbile platfrms: It can be hard t determine if the latest patches are up t date, If it is free f malware, If it is free f therwise unauthrized prgrams, and If it abides by the Cmpany access plicy. Manually inspecting mbile devices every time ne is allwed netwrk access is cst prhibitive. Different security plicies may apply t mbile cmputing devices than t traditinal devices. This is because the management tls and technlgy lag behind the laptp devices market. Can the crpratin disable the persnal device if it is cmprmised and cntains sensitive infrmatin? The answer is yes. The device must f curse be reprted lst r stlen by the end-user. Cntrl cmplicatins Autmated security screen upn cnnectin is nt supprted yet. Pre-screening the device s security psture and making a calculated risk decisin is the nly way, at this pint, t enable nn-crprate mbile devices access t the Cmpany's netwrk and t allw Crprate , calendar and cntact data t be stred n the device. Mbile Device Scanning What is being dne t Integrate mbile device scanning int ur vulnerability management wrkflw? Find My Device service integratin What will be dne t leverage lst/stlen device lcatin technlgy in the incident respnse prcess? Key Reference Artifacts Gartner Article: Seven Steps t Planning and Develping a Superir Mbile Device Plicy Sample Crprate Mbile Device Acceptable Use and Security Plicy 18

19 Scializatin and Cmmunicatin Plan This Review Ladder describes wh the stakehlders are, wh will be invlved in the review f the prpsed matter, and in which draft cycle. This plan is designed t ensure efficient cntent develpment and t ensure the prper awareness is in place befre expanding the review and ultimately btaining signff. RACI Rle Definitins Respnsible: Persn(s) respnsible fr effectiveness f the cntrl after implementatin. Accuntable: Apprval authrity fr the matter cntent. Final Signatry. Cnsulted: Thse whse pinins are sught; and with whm there is tw-way cmmunicatin and feedback cnsideratin. Infrmed: Thse wh are kept up-t-date n prgress, ften nly n cmpletin f the review; and with whm there is just ne-way cmmunicatin. This list used t ensure the right peple are aware f the matter/cntent nce cmpleted and apprved. The entire table is used t identify wh (individuals r grups) will be educated as part f the Cmmunicatins and Publishing plan abve. Review Ladder è Phase is cmplete Phase in prgress Start Date: Phase Stakehlder Rle Rle Cmpletin Date Release Candidate 1 Start: Cnsulted Research and Initial Draft Preparatin Respnsible ITS Accuntable (Delegate) Release Candidate 2 Start: Respnsible ITS Respnsible ITS Wisegate Member Cntent 19

20 Respnsible ITS Accuntable (Delegate) Cnsulted Cmmunicatins Accuntable CIO Release Candidate 3 Start: Respnsible ITS Respnsible ITS Respnsible ITS Accuntable (Delegate) Accuntable CIO Release Candidate 4 Start: Respnsible ITS Respnsible ITS Respnsible ITS Accuntable (Delegate) Cmm. and Publicatin Members f previus cycle are cpied Accuntable CIO Start: Infrmed Infrmed Crprate Enterprise Plicy Cuncil Infrmed Legal: HR Infrmed Legal: Privacy Sample Crprate Mbile Device Acceptable Use and Security Plicy 20

21 Authrizatin Date Date Cmments Apprval Default: the date fllwing the final day f last draft review cycle Effective Default: same as apprval Date Review Default: 3 years frm effective date Cmpletin Target: 5 days after apprval date Apprval Matter Evidence f apprval f the new matter is inserted here. < PDF versins f messages cntaining apprval are inserted here> Cmmunicatins and Publishing Plan This sectin describes hw the apprpriate stakehlders will be ntified f the apprved cntrl matter. 1. Apprved final artifact will be prvided t the change requester 2. Plicy Prtal update will be made Date Cmments Target: 5 days after apprval date Target: 5 days after apprval date Wisegate Member Cntent 21

22 Cnclusin As yu undertake the prcess f creating r refining yur wn BYOD plicies, keep in mind this advice frm a Wisegate member: We have dne significant wrk in this area and the key is t make sure yu are defining a security plicy and thus slutins that meet the business requirements. What I have nted is that business requirements in this area are mre abut the desire fr a bright and shiny ty, nt actually abut business benefit. It is imprtant t get t the business need and nt let yur fellw IT peple make guesses at it. A mre in-depth discussin n BYOD plicies cntinues nline at wisegateit.cm. IT experts. Trading IT knwledge. Wisegate is an IT expert netwrk and infrmatin service that prvides senir-level IT prfessinals with high quality research and intelligence frm the best surce available their peers. Thrugh live rundtable discussins, detailed prduct reviews, nline Q&A and plls, and timely research reprts, Wisegate ffers a practical and unbiased infrmatin surce built n the real-wrld experience f veteran IT prfessinals. N analyst theries r vendr bias t clud the infrmatin, just clear and straightfrward insight frm experienced IT leaders. Wuld yu like t jin us? G t wisegateit.cm/request-invite/ t learn mre and t submit yur request fr membership. PHONE Sample Crprate Mbile Device Acceptable Use and Security Plicy 22

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

IT Account and Access Procedure

IT Account and Access Procedure IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

Cloud Services MDM. Windows 8 User Guide

Cloud Services MDM. Windows 8 User Guide Clud Services MDM Windws 8 User Guide 10/24/2014 CONTENTS Overview... 2 Supprted Devices... 2 System Capabilities... 2 Enrllment and Activatin... 3 Prcess Overview... 3 Verify Prerequisites... 3 Dwnlad

More information

RSA SecurID Software Token Security Best Practices Guide. Version 3

RSA SecurID Software Token Security Best Practices Guide. Version 3 RSA SecurID Sftware Tken Security Best Practices Guide Versin 3 Cntact Infrmatin G t the RSA crprate web site fr reginal Custmer Supprt telephne and fax numbers: www.rsa.cm. Trademarks RSA, the RSA Lg

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013 Research Reprt Abstract: Advanced Malware Detectin and Prtectin Trends By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm, Senir Prject Manager September 2013 2013 by The Enterprise Strategy Grup,

More information

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012 Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.

More information

First Global Data Corp.

First Global Data Corp. First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First

More information

Network Security Trends in the Era of Cloud and Mobile Computing

Network Security Trends in the Era of Cloud and Mobile Computing Research Reprt Abstract: Netwrk Security Trends in the Era f Clud and Mbile Cmputing By Jn Oltsik, Senir Principal Analyst and Bill Lundell, Senir Research Analyst With Jennifer Gahm, Senir Prject Manager

More information

Service Desk Self Service Overview

Service Desk Self Service Overview Tday s Date: 08/28/2008 Effective Date: 09/01/2008 Systems Invlved: Audience: Tpics in this Jb Aid: Backgrund: Service Desk Service Desk Self Service Overview All Service Desk Self Service Overview Service

More information

Information Technology Department REQUEST FOR PROPOSALS

Information Technology Department REQUEST FOR PROPOSALS Infrmatin Technlgy Department REQUEST FOR PROPOSALS Identity and Access Management Service Design and Technlgy Implementatin January 11, 2013 Prpsals due by 4 p.m. n February 1 st, 2013 Attachment 2 Prject

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

In addition to assisting with the disaster planning process, it is hoped this document will also::

In addition to assisting with the disaster planning process, it is hoped this document will also:: First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative

More information

White Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc. www.patrol-it.com

White Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc. www.patrol-it.com White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm 2

More information

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012 Research Reprt Abstract: Security Management and Operatins: Changes n the Hrizn By Jn Oltsik, Senir Principal Analyst With Kristine Ka and Jennifer Gahm July 2012 2012, The Enterprise Strategy Grup, Inc.

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

Managing Access and Help Protect Corporate Email Data on Mobile Devices with Enterprise Mobile Suite

Managing Access and Help Protect Corporate Email Data on Mobile Devices with Enterprise Mobile Suite Managing Access and Help Prtect Crprate Email Data n Mbile Devices with Enterprise Mbile Suite Last updated: 7/15/15 Balancing prductivity and security Emplyees want t be able t use their wn devices t

More information

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

AMWA Chapter Subgroups on LinkedIn Guidance for Subgroup Managers and Chapter Leaders, updated 2-12-15

AMWA Chapter Subgroups on LinkedIn Guidance for Subgroup Managers and Chapter Leaders, updated 2-12-15 AMWA Chapter Subgrups n LinkedIn Guidance fr Subgrup Managers and Chapter Leaders, updated 2-12-15 1. Chapters may nt have an independent grup n LinkedIn, Facebk, r ther scial netwrking site. AMWA prvides

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021 Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada

More information

IT Help Desk Service Level Expectations Revised: 01/09/2012

IT Help Desk Service Level Expectations Revised: 01/09/2012 IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

Junos Pulse Instructions for Windows and Mac OS X

Junos Pulse Instructions for Windows and Mac OS X Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.

More information

Norwood Public Schools Internet & Cell Phone Use Agreement School Year 2015-16

Norwood Public Schools Internet & Cell Phone Use Agreement School Year 2015-16 Yu must read and agree t fllw the netwrk rules belw t use yur netwrk accunt r access the internet. Nrwd Public Schls makes available t students access t cmputers and the Internet. Students are expected

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent

More information

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible

More information

Process for Responding to Privacy Breaches

Process for Responding to Privacy Breaches Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident

More information

For students to participate in BYOD please follow these two steps

For students to participate in BYOD please follow these two steps www.readingtn.k12.nj.us September 15, 2015 Dear Readingtn Middle Schl Families, We are excited t annunce that we are cntinuing with Bring Yur Own Device fr all middle schl students! We recgnize that many

More information

Organisational self-migration guide an overview V1-5 April 2014

Organisational self-migration guide an overview V1-5 April 2014 Organisatinal self-migratin guide an verview V1-5 April 2014 Cpyright 2013, Health and Scial Care Infrmatin Centre. 1 Self Migratin t NHSmail an verview fr rganisatins Cntents Intrductin 3 1. Initial preparatins

More information

Information & Communications Technology ICT Security Compliance Guide (Student)

Information & Communications Technology ICT Security Compliance Guide (Student) Infrmatin & Cmmunicatins Technlgy ICT Security Cmpliance Guide (Student) RESTRICTED Dcument ID: ICT-SSG Versin 1.1 Effective Date 1 Nv 2011 Dcument Cntrl Revisin Histry Versin Date Descriptin Authr 1.0

More information

Internet and E-Mail Policy User s Guide

Internet and E-Mail Policy User s Guide Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin

More information

Unified Communications

Unified Communications Office f Infrmatin Technlgy Services Service Level Agreement Unified Cmmunicatins Nvember 7, 2013 v2.2 Service Descriptin Unified Cmmunicatins Service Descriptin ITS Unified Cmmunicatins ffers a number

More information

The ADVANTAGE of Cloud Based Computing:

The ADVANTAGE of Cloud Based Computing: The ADVANTAGE f Clud Based Cmputing: A Web Based Slutin fr: Business wners and managers that perate equipment rental, sales and/r service based rganizatins. R M I Crpratin Business Reprt RMI Crpratin has

More information

10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review

10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review 10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic

More information

Completing the CMDB Circle: Asset Management with Barcode Scanning

Completing the CMDB Circle: Asset Management with Barcode Scanning Cmpleting the CMDB Circle: Asset Management with Barcde Scanning WHITE PAPER The Value f Barcding Tday, barcdes are n just abut everything manufactured and are used fr asset tracking and identificatin

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

Mobile Deployment Guide For Apple ios

Mobile Deployment Guide For Apple ios Fr Apple ios Cpyright This dcument is prtected by the United States cpyright laws, and is prprietary t Zscaler Inc. Cpying, reprducing, integrating, translating, mdifying, enhancing, recrding by any infrmatin

More information

Disk Redundancy (RAID)

Disk Redundancy (RAID) A Primer fr Business Dvana s Primers fr Business series are a set f shrt papers r guides intended fr business decisin makers, wh feel they are being bmbarded with terms and want t understand a cmplex tpic.

More information

BYOD and Cloud Computing

BYOD and Cloud Computing BYOD and Clud Cmputing AIIM First Canadian Chapter May 22, 2014 Susan Nickle, Lndn Health Sciences Centre Chuck Rthman, Wrtzmans Sheila Taylr, Erg Infrmatin Management Cnsulting Clud cmputing Agenda What

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

BYOD Strategies: Chapter 2

BYOD Strategies: Chapter 2 Limitatins f the Walled Garden This is the secnd part in a series designed t help rganizatins develp their BYOD (bring-yur-wn-device) strategies fr persnally-wned smartphnes and tablets in the enterprise.

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

Plus500CY Ltd. Statement on Privacy and Cookie Policy

Plus500CY Ltd. Statement on Privacy and Cookie Policy Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and

More information

Public consultation paper

Public consultation paper Public cnsultatin paper Nvember 2012 Public cnsultatin n guidelines fr prfessinal indemnity insurance arrangements fr nurses and nurse practitiners. Please prvide feedback by email t: nmbafeedback@ahpra.gv.au

More information

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network 2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

AuditNet Survey of Bring your own Device (BYOD) - Control, Risk and Audit

AuditNet Survey of Bring your own Device (BYOD) - Control, Risk and Audit AuditNet Survey f Bring yur wn Device (BYOD) - Cntrl, Risk and Audit The pace f technlgy mves much faster than managers and auditrs can understand and react, with updated plicies, prcedures and cntrls.

More information

Change Management Process

Change Management Process Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

Woodstock Multimedia, INC. Software/Hardware Usage Policy

Woodstock Multimedia, INC. Software/Hardware Usage Policy Wdstck Multimedia, INC. Sftware/Hardware Usage Plicy POLICY PURPOSE The purpse f the Wdstck Multimedia, INC. Sftware / Hardware Usage Plicy is t ensure that Wdstck Multimedia, INC. emplyees are prperly

More information

HarePoint HelpDesk for SharePoint. For SharePoint Server 2010, SharePoint Foundation 2010. User Guide

HarePoint HelpDesk for SharePoint. For SharePoint Server 2010, SharePoint Foundation 2010. User Guide HarePint HelpDesk fr SharePint Fr SharePint Server 2010, SharePint Fundatin 2010 User Guide Prduct versin: 14.1.0 04/10/2013 2 Intrductin HarePint.Cm (This Page Intentinally Left Blank ) Table f Cntents

More information

White Paper. SharePoint and the Consumerization of IT: Considerations for BYOD Success. Authors: Aseem Pandit and Prateek Bhargava

White Paper. SharePoint and the Consumerization of IT: Considerations for BYOD Success. Authors: Aseem Pandit and Prateek Bhargava White Paper SharePint and the Cnsumerizatin f IT: Cnsideratins fr BYOD Success Authrs: Aseem Pandit and Prateek Bhargava The Evlutin f IT Cnsumerizatin & BYOD BYOD refers t the plicy f permitting emplyees

More information

Research Report. Abstract: Data Center Networking Trends. January 2012. By Jon Oltsik With Bob Laliberte and Bill Lundell

Research Report. Abstract: Data Center Networking Trends. January 2012. By Jon Oltsik With Bob Laliberte and Bill Lundell Research Reprt Abstract: Data Center Netwrking Trends By Jn Oltsik With Bb Laliberte and Bill Lundell January 2012 2012 Enterprise Strategy Grup, Inc. All Rights Reserved. Intrductin Research Objective

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

Corporate Standards for data quality and the collation of data for external presentation

Corporate Standards for data quality and the collation of data for external presentation The University f Kent Crprate Standards fr data quality and the cllatin f data fr external presentatin This paper intrduces a set f standards with the aim f safeguarding the University s psitin in published

More information

Service Request Form

Service Request Form New Prfessinal Services Order Frm Editable PDF Service Request Frm If yu have any questins while filling ut this frm, please cntact yur CDM, email Prfessinal Services at PS@swipeclck.cm, r call 888-223-3250

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH)

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) Murugiah Suppaya, Karen Scarfne, 1 and Larry Feldman, 2 Editrs Cmputer Security Divisin Infrmatin

More information

KIK s GUIDE FOR LAW ENFORCEMENT

KIK s GUIDE FOR LAW ENFORCEMENT Thanks fr checking ut ur law enfrcement guide. Kik takes the safety f ur users very seriusly, and we hpe this guide will be a useful tl fr yu. It includes infrmatin abut ur app; the features and functins

More information

Ensuring end-to-end protection of video integrity

Ensuring end-to-end protection of video integrity White paper Ensuring end-t-end prtectin f vide integrity Prepared by: Jhn Rasmussen, Senir Technical Prduct Manager, Crprate Business Unit, Milestne Systems Date: May 22, 2015 Milestne Systems Ensuring

More information

1.2 Supporting References For information relating to the Company Hardware Request project, see the SharePoint web site.

1.2 Supporting References For information relating to the Company Hardware Request project, see the SharePoint web site. Hardware Request System Visin 1 Intrductin 1.1 Dcument Purpse and Scpe This dcument utlines the visin fr the Hardware Request system. The purpses f this dcument are t: Identify and agree n the prblems

More information

QBT - Making business travel simple

QBT - Making business travel simple QBT - Making business travel simple In business travel, cmplexity csts. S, we ffer less f it. We adpt the latest technlgy and make it simple, transparent and highly persnal. S yu get mre f what yu need

More information

IN-HOUSE OR OUTSOURCED BILLING

IN-HOUSE OR OUTSOURCED BILLING IN-HOUSE OR OUTSOURCED BILLING Medical billing is ne f the mst cmplicated aspects f running a medical practice. With thusands f pssible cdes fr diagnses and prcedures, and multiple payers, the ability

More information

ISO Management Systems. Guidance on understanding the benefits of an ISO Management System

ISO Management Systems. Guidance on understanding the benefits of an ISO Management System ISO Management Systems Guidance n understanding the benefits f an ISO Management System Welcme & Intrductins 4031 University Drive, 206, Fairfax, VA 22030 3 Grant Square, 243, Hinsdale, IL 60521 www.radiancmpliance.cm

More information

Licensing Windows Server 2012 R2 for use with virtualization technologies

Licensing Windows Server 2012 R2 for use with virtualization technologies Vlume Licensing brief Licensing Windws Server 2012 R2 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 R2 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents

More information

Remote Working (Policy & Procedure)

Remote Working (Policy & Procedure) Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer

More information

Software and Hardware Change Management Policy for CDes Computer Labs

Software and Hardware Change Management Policy for CDes Computer Labs Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI

More information

Solving the Patch Management Dilemma Using SCCM 2007

Solving the Patch Management Dilemma Using SCCM 2007 White Paper Slving the Patch Management Dilemma Using SCCM 2007 Abstract If yu find it difficult t patch r update yur enterprise cmputers, a Micrsft System Center Family prduct System Center Cnfiguratin

More information

Guidelines for Custodians

Guidelines for Custodians Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t

More information

Considerations for Success in Workflow Automation. Automating Workflows with KwikTag by ImageTag

Considerations for Success in Workflow Automation. Automating Workflows with KwikTag by ImageTag Autmating Wrkflws with KwikTag by ImageTag Cnsideratins fr Success in Wrkflw Autmatin KwikTag balances cmprehensive, feature-rich Transactinal Cntent Management with affrdability, fast implementatin, ease

More information

Agency Operations Plan 2015-17

Agency Operations Plan 2015-17 Agency Operatins Plan 2015-17 Agency: Nrth Dakta Public Emplyees Retirement System (NDPERS) Line f Business: (ptinal) The Public Emplyees Retirement System is the administratr f several emplyee benefit

More information

Introduction to Mindjet MindManager Server

Introduction to Mindjet MindManager Server Intrductin t Mindjet MindManager Server Mindjet Crpratin Tll Free: 877-Mindjet 1160 Battery Street East San Francisc CA 94111 USA Phne: 415-229-4200 Fax: 415-229-4201 mindjet.cm 2013 Mindjet. All Rights

More information

Process of Setting up a New Merchant Account

Process of Setting up a New Merchant Account Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am

More information

Password Reset for Remote Users

Password Reset for Remote Users 1 Passwrd Reset fr Remte Users Curin prvides a cmpnent fr the PasswrdCurier Passwrd Prvisining System that manages the lcal passwrd cache in cnjunctin with self-service passwrd reset activities. The slutin

More information

Audit Committee Charter

Audit Committee Charter Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm

More information

1)What hardware is available for installing/configuring MOSS 2010?

1)What hardware is available for installing/configuring MOSS 2010? 1)What hardware is available fr installing/cnfiguring MOSS 2010? 2 Web Frnt End Servers HP Prliant DL 380 G7 2 quad cre Intel Xen Prcessr E5620, 2.4 Ghz, Memry 12 GB, 2 HP 146 GB drives RAID 5 2 Applicatin

More information

MaaS360 Cloud Extender

MaaS360 Cloud Extender MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information