PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

Size: px
Start display at page:

Download "PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK"

Transcription

1 Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs at Thmas M. Salmn Assistant Inspectr General March 2014 A

2 Office f Inspectr General https://ig.hhs.gv The missin f the Office f Inspectr General (OIG), as mandated by Public Law , as amended, is t prtect the integrity f the Department f Health and Human Services (HHS) prgrams, as well as the health and welfare f beneficiaries served by thse prgrams. This statutry missin is carried ut thrugh a natinwide netwrk f audits, investigatins, and inspectins cnducted by the fllwing perating cmpnents: Office f Audit Services The Office f Audit Services (OAS) prvides auditing services fr HHS, either by cnducting audits with its wn audit resurces r by verseeing audit wrk dne by thers. Audits examine the perfrmance f HHS prgrams and/r its grantees and cntractrs in carrying ut their respective respnsibilities and are intended t prvide independent assessments f HHS prgrams and peratins. These assessments help reduce waste, abuse, and mismanagement and prmte ecnmy and efficiency thrughut HHS. Office f Evaluatin and Inspectins The Office f Evaluatin and Inspectins (OEI) cnducts natinal evaluatins t prvide HHS, Cngress, and the public with timely, useful, and reliable infrmatin n significant issues. These evaluatins fcus n preventing fraud, waste, r abuse and prmting ecnmy, efficiency, and effectiveness f departmental prgrams. T prmte impact, OEI reprts als present practical recmmendatins fr imprving prgram peratins. Office f Investigatins The Office f Investigatins (OI) cnducts criminal, civil, and administrative investigatins f fraud and miscnduct related t HHS prgrams, peratins, and beneficiaries. With investigatrs wrking in all 50 States and the District f Clumbia, OI utilizes its resurces by actively crdinating with the Department f Justice and ther Federal, State, and lcal law enfrcement authrities. The investigative effrts f OI ften lead t criminal cnvictins, administrative sanctins, and/r civil mnetary penalties. Office f Cunsel t the Inspectr General The Office f Cunsel t the Inspectr General (OCIG) prvides general legal services t OIG, rendering advice and pinins n HHS prgrams and peratins and prviding all legal supprt fr OIG s internal peratins. OCIG represents OIG in all civil and administrative fraud and abuse cases invlving HHS prgrams, including False Claims Act, prgram exclusin, and civil mnetary penalty cases. In cnnectin with these cases, OCIG als negtiates and mnitrs crprate integrity agreements. OCIG renders advisry pinins, issues cmpliance prgram guidance, publishes fraud alerts, and prvides ther guidance t the health care industry cncerning the anti-kickback statute and ther OIG enfrcement authrities.

3 Ntices THIS REPORT IS AVAILABLE TO THE PUBLIC at Sectin 8L f the Inspectr General Act, 5 U.S.C. App., requires that OIG pst its publicly available reprts n the OIG Web site. OFFICE OF AUDIT SERVICES FINDINGS AND OPINIONS The designatin f financial r management practices as questinable, a recmmendatin fr the disallwance f csts incurred r claimed, and any ther cnclusins and recmmendatins in this reprt represent the findings and pinins f OAS. Authrized fficials f the HHS perating divisins will make final determinatin n these matters.

4 The Indian Health Service needs t address cyber vulnerabilities n its cmputer netwrk. This reprt prvides an verview f the results f ur penetratin test f the Indian Health Service s (IHS) cmputer netwrk. It des nt include specific details f the vulnerabilities that we identified due t the sensitive nature f the infrmatin. We have prvided mre detailed infrmatin and recmmendatins t IHS s that it can address the issues we identified. WHY WE DID THIS REVIEW Cmputer hackers are increasingly attempting t cmprmise Gvernment systems, publish sensitive data, and use stlen data t cmmit fraud. Threats t Federal agency Web applicatins are cntinually changing because f advances made by hackers, the release f new technlgy, and the deplyment f increasingly cmplex systems. Web sites that are nt secured prperly create vulnerabilities that culd be explited by an unauthrized user t cmprmise the cnfidentiality f sensitive infrmatin. Furthermre, cyber attacks thrugh targeted messages cnstitute the vast majrity f attacks n Federal and private sectr netwrks, accrding t Federal data. These attacks culd significantly impact the peratins f Federal agencies and expse sensitive data. Previusly, in 2011, we cnducted a separate infrmatin technlgy (IT) general cntrls audit f the IHS s netwrk security cntrls and fund that such cntrls were inadequate. The security vulnerabilities identified presented an increased risk that unauthrized individuals culd gain access t the IHS netwrk and ptentially t the U.S. Department f Health and Human Services (HHS) netwrk. Therefre, in June 2013, we decided t cnduct further testing f the effectiveness f IHS s netwrk security cntrls by perfrming an external netwrk penetratin test. The bjective f this review was t determine whether IHS netwrk systems were susceptible t cmprmise by cyber attacks. BACKGROUND Penetratin tests are used t identify methds f gaining access t a system by using tls and techniques that attackers use. This audit was the first f a series f OIG audits planned t include penetratin testing f HHS and its perating divisin s netwrks. IHS, which is 1 f 12 HHS perating divisins, prvides health services directly thrugh tribally cntracted and perated health prgrams and thrugh services purchased frm private prviders. The Federal system cnsists f 28 hspitals, 61 health centers, and 34 health statins. In additin, 33 urban Indian health prjects prvide a variety f health and referral services. Prtecting beneficiaries and prviders persnally identifiable infrmatin and persnal health infrmatin is critical because fraud perpetratrs ften use stlen beneficiary r physician identities, r bth, t submit false claims t the prgrams. Penetratin Test f the Indian Health Service s Cmputer Netwrk (A ) 1

5 HOW WE CONDUCTED THIS REVIEW We assessed the IHS netwrk s expsure t cyber attacks by perfrming a penetratin test f its netwrks and infrmatin systems. We cnducted the penetratin test frm June 10 thrugh 14, 2013, with the knwledge and permissin f IHS fficials. We requested that IHS incident respnse staff nt be ntified f ur testing t assess the effectiveness f IHS s intrusin detectin and respnse cntrls. Appendix A cntains a summary f ur audit scpe and methdlgy. Risk Level Definitins fr Findings T assign risk levels (i.e., High, Medium, Lw) t ur findings, we used Table 3-7, Risk Scale and Necessary Actins, f the Natinal Institute f Standards and Technlgy (NIST) Special Publicatin (SP) , Risk Management Guide fr Infrmatin Technlgy Systems, which describes the need fr crrective actins and the relative timeframes in which they must ccur based n high, medium, and lw levels f risk assciated with system vulnerabilities. Appendix B cntains the table. WHAT WE FOUND Overall, the IHS needs t address cyber vulnerabilities n its cmputer netwrk. Specifically, we were able t btain unauthrized access t an IHS Web server and an IHS cmputer. We were able t gain unauthrized access t an IHS Web server, which allwed us t access the internal IHS netwrk and btain user accunt and passwrd data n the system, including user names and passwrds t IHS databases (High Risk). We were able t take cntrl f an IHS cmputer, which allwed access t the cmputer s resurces, including recrds in the file system (Medium Risk). Due t the sensitive nature f the specific findings identified during ur testing, nly a summary f the findings are included in this reprt. We have prvided mre detailed, technical findings t IHS. WHAT WE RECOMMEND We made 6 recmmendatins t IHS t address the security vulnerabilities that we identified. In general, we recmmended that IHS fix the vulnerability n the IHS Web server, implement mre effective prcedures t prtect its cmputer systems frm cyber attacks, and peridically measure adherence t IHS security plicies and prcedures. This reprt summarizes ur recmmendatins due t the sensitive nature f the infrmatin discussed. We have prvided mre detailed recmmendatins t IHS. Penetratin Test f the Indian Health Service s Cmputer Netwrk (A ) 2

6 AUDITEE COMMENTS In written cmments t ur draft reprt, IHS cncurred with all f ur recmmendatins and described the actins they will take t implement them. Penetratin Test f the Indian Health Service s Cmputer Netwrk (A ) 3

7 APPENDIX A: AUDIT SCOPE AND METHODOLOGY SCOPE We fcused ur audit n the IHS netwrk and Web sites in peratin during the perid June 10 thrugh 14, We did nt review IHS s verall internal cntrl structure. We perfrmed ur testing frm OIG facilities. METHODOLOGY T accmplish ur bjectives, we prepared a Rules f Engagement dcument that utlined the general rules, lgistics, and expectatins fr the penetratin test and btained signatures frm bth IHS and OIG management. Afterwards, we perfrmed the fllwing prcedures: cnducted infrmatin-gathering techniques t discver the fllwing fr IHS: netwrk address ranges, hst 5 names, expsed hsts, applicatins running n expsed hsts, perating system and applicatin versin infrmatin, current patch levels f the hsts and applicatins, structure f the applicatins and supprting servers, and dmain name server recrds; cnducted vulnerability analysis techniques t discver pssible methds f attack; explited vulnerabilities identified in the vulnerability analysis t attempt t gain rt r administratr-level access t the target systems r ther trusted user accunt access; used advanced techniques t gain access t an IHS cmputer system and attempted t gain a persistent fthld int the netwrk and t escalate user privileges; and discussed ur findings with IHS management. We cnducted this perfrmance audit in accrdance with generally accepted gvernment auditing standards. Thse standards require that we plan and perfrm the audit t btain sufficient, apprpriate evidence t prvide a reasnable basis fr ur findings and cnclusins based n ur audit bjectives. We believe that the evidence btained prvides a reasnable basis fr ur findings and cnclusins based n ur audit bjectives. 5 A hst is any device cnnected t a cmputer netwrk. Penetratin Test f the Indian Health Service s Cmputer Netwrk (A ) 4

8 APPENDIX B: RISK SCALE AND NECESSARY ACTIONS Risk Level High Medium Lw Risk Descriptin and Necessary Actins If an bservatin r finding is evaluated as a high risk, there is a strng need fr crrective measures. An existing system may cntinue t perate, but a crrective actin plan must be put in place as sn as pssible. If an bservatin is rated as medium risk, crrective actins are needed and a plan must be develped t incrprate these actins within a reasnable perid f time. If an bservatin is described as lw risk, the system s designated apprving authrity must determine whether crrective actins are still required r decide t accept the risk. Penetratin Test f the Indian Health Service s Cmputer Netwrk (A ) 5

PENETRATION TEST OF THE FOOD COMPUTER NETWORK

PENETRATION TEST OF THE FOOD COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE FOOD AND DRUG ADMINISTRATION'S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office fpublic

More information

FRAUD AND ABUSE SAFEGUARDS

FRAUD AND ABUSE SAFEGUARDS Department f Health and Human Services OFFICE OF INSPECTOR GENERAL FRAUD AND ABUSE SAFEGUARDS IN SEPARATE STATE CHILDREN S HEALTH INSURANCE PROGRAMS Daniel R. Levinsn Inspectr General March 2007 OEI-06-04-00380

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM

SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

Audit Committee Charter

Audit Committee Charter Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Revised Critical Infrastructure Prtectin Reliability Standards Dcket N. RM15-14-000 Statement f Thmas F. O Brien Vice President & Chief Infrmatin

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative

More information

Chapter 7 Business Continuity and Risk Management

Chapter 7 Business Continuity and Risk Management Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity

More information

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins

More information

Human Research Protection Program Investigating Reports of Research Non-compliance at MMC

Human Research Protection Program Investigating Reports of Research Non-compliance at MMC Human Research Prtectin Prgram Investigating Reprts f Research Nn-cmpliance at MMC SOP- I.5.D, II.2.F, II.2.G A-II.2.F, II.2.G 1. POLICY 1.1 Definitins 1.1.1 Nn-cmpliance Failure n the part f a PI r any

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

Risk Management Policy AGL Energy Limited

Risk Management Policy AGL Energy Limited Risk Management Plicy AGL Energy Limited AUGUST 2014 Table f Cntents 1. Abut this Dcument... 2 2. Plicy Statement... 2 3. Purpse... 2 4. AGL Risk Cntext... 3 5. Scpe... 3 6. Objectives... 3 7. Accuntabilities...

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Cntinuity Management Plicy Versin: 1.0 Last Amendment: Apprved by: Library Cuncil f New Suth Wales Plicy wner/spnsr: Directr, Operatins and Chief Financial Officer Plicy Cntact Officer: Senir

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

Texas Department of Insurance Division of Workers Compensation. Insurance Carrier/Utilization Review Agent Plan-Based Audit

Texas Department of Insurance Division of Workers Compensation. Insurance Carrier/Utilization Review Agent Plan-Based Audit Texas Department f Insurance Divisin f Wrkers Cmpensatin Insurance Carrier/Utilizatin Review Agent Plan-Based Audit Octber 22, 2012 1 P age Sectin I: General Statement and Overview The Texas Department

More information

Process Safety Management Program for Contractors

Process Safety Management Program for Contractors Page 1 f 6 Sect: 1.0 Purpse 2.0 Scpe This sectin cntains requirements fr Ardent (Cntract Emplyer) and ur subcntractrs fr the purpse f assisting ur clients in preventing r minimizing the cnsequences f catastrphic

More information

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff

More information

nbn is committed to identifying hazards, preventing workplace accidents and minimising dangerous health safety and environment incidents.

nbn is committed to identifying hazards, preventing workplace accidents and minimising dangerous health safety and environment incidents. Incident & Hazard Reprting Overview At nbn we are safe, disciplined and reliable. nbn is cmmitted t preventing injury, illness and envirnmental harm by prviding a safe and healthy wrking envirnment fr

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

Army DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012

Army DCIPS Employee Self-Report of Accomplishments Overview Revised July 2012 Army DCIPS Emplyee Self-Reprt f Accmplishments Overview Revised July 2012 Table f Cntents Self-Reprt f Accmplishments Overview... 3 Understanding the Emplyee Self-Reprt f Accmplishments... 3 Thinking Abut

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

Malpractice and Maladministration Policy

Malpractice and Maladministration Policy TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs

More information

UBC Incident Response Plan V1.5

UBC Incident Response Plan V1.5 UBC Incident Respnse Plan V1.5 Cntents 1. Ratinale... 2 2. Objective... 2 3. Applicatin... 2 4. Reprting a Cmputer Security Incident... 2 5. Managing the Security Incident... 2 5.1. All Incidents... 2

More information

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028

More information

REQUEST FOR PROPOSAL SECURITY SERVICES

REQUEST FOR PROPOSAL SECURITY SERVICES REQUEST FOR PROPOSAL SECURITY SERVICES Sectin I INTRODUCTION [Cmpany] is seeking prpsals frm qualified Cntractrs t prvide unifrmed security service fr [Cmpany] facilities at [Lcatin(s)]. This dcument is

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care

More information

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible

More information

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...

More information

SECTION I.4 AUDIT ENGAGEMENT WORKING PAPERS

SECTION I.4 AUDIT ENGAGEMENT WORKING PAPERS SECTION I.4 AUDIT ENGAGEMENT WORKING PAPERS Ref. Plicy and Practice Requirements IIA Standards references I.4 1 Plicy: Wrking papers shall be prepared fr each audit engagement t recrd wrk perfrmed and

More information

POLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES

POLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES POLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES M. PĘCIŁŁO Central Institute fr Labur Prtectin ul. Czerniakwska

More information

OKLAHOMA BOARD OF NURSING PERFORMANCE AUDIT FOR THE PERIOD JANUARY 1, 2007 THROUGH JUNE 30, 2009. Oklahoma State Auditor & Inspector

OKLAHOMA BOARD OF NURSING PERFORMANCE AUDIT FOR THE PERIOD JANUARY 1, 2007 THROUGH JUNE 30, 2009. Oklahoma State Auditor & Inspector OKLAHOMA BOARD OF NURSING FOR THE PERIOD JANUARY 1, 2007 THROUGH JUNE 30, 2009 PERFORMANCE AUDIT Oklahma State Auditr & Inspectr Audit Reprt f the Oklahma Bard f Nursing Fr the Perid January 1, 2007 thrugh

More information

INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT CONTENTS

INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT CONTENTS INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT (Effective fr audits f financial statements fr perids beginning n r

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

Information Security Policy

Information Security Policy Purpse The risk t Charlestn Suthern University, its emplyees and students frm data lss and identity theft is f significant cncern t the University and can be reduced nly thrugh the cmbined effrts f every

More information

FAYETTEVILLE STATE UNIVERSITY

FAYETTEVILLE STATE UNIVERSITY FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty

More information

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc. HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

STANDARDISATION IN E-ARCHIVING

STANDARDISATION IN E-ARCHIVING STANDARDISATION IN E-ARCHIVING R E Q U I R E M E N T S A N D C O N T R O L S F O R D I G I T I S AT I O N A N D E - A R C H I V I N G S E R V I C E P R O V I D E R S Alain Wahl 1 Requirements and cntrls

More information

Environmental, Health & Safety Management System (EHSMS) Training, Awareness and Competency Procedure Revision Number: 7

Environmental, Health & Safety Management System (EHSMS) Training, Awareness and Competency Procedure Revision Number: 7 Envirnmental, Health & Safety Management System (EHSMS) Dcument Number: 00122 Issue Date: 05/07/2014 Training, Awareness and Cmpetency Prcedure Revisin Number: 7 Prepared By: Stalcup, Bryce Apprved By:

More information

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY REFERENCE NUMBER: 14/103368 RESPONSIBLE DEPARTMENT: Crprate Services APPLICABLE LEGISLATION: State Recrds Act 1997 Lcal Gvernment Act 1999 Crpratins Act

More information

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH)

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) Murugiah Suppaya, Karen Scarfne, 1 and Larry Feldman, 2 Editrs Cmputer Security Divisin Infrmatin

More information

Bond Authorization Requested

Bond Authorization Requested District r Charter Schl Cntact Persn: Address 1: Address 2: City: Zip Cde: Telephne: Email Address: Bnd Authrizatin Requested The maximum bnd authrizatin that may be requested per district r charter schl

More information

Financial Accountability Handbook

Financial Accountability Handbook Financial Accuntability Handbk >> Vlume 4 Mnitring/assessment Infrmatin Sheet 4.2 Statement by Chief Finance Officer Intrductin Accuntable fficers and statutry bdies are respnsible fr the efficient, effective

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

Health and Safety Training and Supervision

Health and Safety Training and Supervision Intrductin: Health and Safety Training and Supervisin University f Nttingham is cmmitted t maintaining and develping standards f excellence in all aspects f its business. T that end, the University aspires

More information

IT Help Desk Service Level Expectations Revised: 01/09/2012

IT Help Desk Service Level Expectations Revised: 01/09/2012 IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+

More information

If the CAP is acceptable, the serious deficiency determination for the provider is temporarily deferred.

If the CAP is acceptable, the serious deficiency determination for the provider is temporarily deferred. Pat McCrry Gvernr Sent Via Email TO: FROM: Nrth Carlina Department f Health and Human Services Divisin f Public Health May 12.2014 Spnsring Organizatins f Day Care Hmes Arnette Cwan, MS, RD, LDN Supervisr,

More information

Accident Investigation

Accident Investigation Accident Investigatin APPLICABLE STANDARD: 1960.29 EMPLOYEES AFFECTED: All emplyees WHAT IS IT? Accident investigatin is the prcess f determining the rt causes f accidents, n-the-jb injuries, prperty damage,

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

Communicating Deficiencies in Internal Control to Those Charged with Governance and Management Internatinal Auditing and Assurance Standards Bard ISA 265 April 2009 Internatinal Standard n Auditing Cmmunicating Deficiencies in Internal Cntrl t Thse Charged with Gvernance and Management Internatinal

More information

Managed Firewall Service Definition. SD007v1.1

Managed Firewall Service Definition. SD007v1.1 Managed Firewall Service Definitin SD007v1.1 Managed Firewall Service Definitin Service Backgrund It is imprtant t nte that the functin f any firewall service is t filter traffic cming int the netwrk (als

More information

Sources of Federal Government and Employee Information

Sources of Federal Government and Employee Information Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities

More information

FY-2006 Networking and Security Engineering and Operations NASA Task TM: Richard Kurak

FY-2006 Networking and Security Engineering and Operations NASA Task TM: Richard Kurak FY-2006 Task A-03: Netwrking and Security Engineering and Operatins NASA Task TM: Richard Kurak Task Summary: The Office f Chief Infrmatin Office (OCIO) is respnsible fr prviding ttal cmmunicatins capabilities

More information

USE OF MODIFIER 59 TO BYPASS MEDICARE S NATIONAL CORRECT CODING INITIATIVE EDITS

USE OF MODIFIER 59 TO BYPASS MEDICARE S NATIONAL CORRECT CODING INITIATIVE EDITS Department f Health and Human Services OFFICE OF INSPECTOR GENERAL USE OF MODIFIER 59 TO BYPASS MEDICARE S NATIONAL CORRECT CODING INITIATIVE EDITS Daniel R. Levinsn Inspectr General Nvember 2005 OEI-03-02-00771

More information

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010 OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity

More information

General Records Authority 33. Accredited Training

General Records Authority 33. Accredited Training General Recrds Authrity 33 2012/00579704 Accredited Training February 2013 This is an accurate reprductin f the authrised recrds authrity cntent, created fr accessibility purpses CONTENTS INTRODUCTION

More information

GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER. Most Recently Amended: December 8, 2015

GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER. Most Recently Amended: December 8, 2015 GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER Mst Recently Amended: December 8, 2015 Purpse The purpse f the Audit Cmmittee is t assist the Bard f Directrs f General Mtrs Cmpany in its versight f the

More information

0820.02 Workers Disability Compensation Claims Procedures Issued: January 1, 1994 Revised: March 29, 2012

0820.02 Workers Disability Compensation Claims Procedures Issued: January 1, 1994 Revised: March 29, 2012 State f Michigan Administrative Guide t State Gvernment 0820.02 Wrkers Disability Cmpensatin Claims Prcedures Issued: January 1, 1994 Revised: March 29, 2012 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY:

More information

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013 Research Reprt Abstract: Advanced Malware Detectin and Prtectin Trends By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm, Senir Prject Manager September 2013 2013 by The Enterprise Strategy Grup,

More information

State of California California Technology Agency. Software Management Plan Guidelines

State of California California Technology Agency. Software Management Plan Guidelines State f Califrnia Califrnia Technlgy Agency Sftware Management Plan Guidelines Revised April 2011 Sectin 1 1.0 Overview INTRODUCTION TO SOFTWARE MANAGEMENT PLANNING The State Administrative Manual (SAM)

More information

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm

More information

Process for Responding to Privacy Breaches

Process for Responding to Privacy Breaches Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident

More information

ATTACHMENT U THIRD PARTY AUDITOR/CONSULTANT QUALIFICATION GUIDELINE

ATTACHMENT U THIRD PARTY AUDITOR/CONSULTANT QUALIFICATION GUIDELINE ATTACHMENT U THIRD PARTY AUDITOR/CONSULTANT QUALIFICATION GUIDELINE 1 INTRODUCTION Third party auditr/cnsultant plays an imprtant rle in decmmissining t ensure that all critical decmmissining activities

More information

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network 2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal

More information

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5 Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet

More information

CDC UNIFIED PROCESS PRACTICES GUIDE

CDC UNIFIED PROCESS PRACTICES GUIDE Dcument Purpse The purpse f this dcument is t prvide guidance n the practice f Risk Management and t describe the practice verview, requirements, best practices, activities, and key terms related t these

More information

Financial Accountability Handbook

Financial Accountability Handbook Financial Accuntability Handbk >> Vlume 5 Reprting Systems Infrmatin Sheet 5.2 Preparatin f Financial Statements Intrductin The Financial Accuntability Act 2009 (the Act) and the Financial and Perfrmance

More information

LINCOLNSHIRE POLICE Policy Document

LINCOLNSHIRE POLICE Policy Document LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area

More information

Primarily Norwich. Board of Trustees (Executive Committee)

Primarily Norwich. Board of Trustees (Executive Committee) Trustee Break Remuneratin Lcatin The rle f Trustee is nt accmpanied by any financial remuneratin, althugh expenses fr travel may be claimed. Primarily Nrwich Time cmmitment A minimum f 4 Bard meetings

More information

National Australia Bank Limited Group Disclosure & External Communications Policy

National Australia Bank Limited Group Disclosure & External Communications Policy Natinal Australia Bank Limited Grup Disclsure & External Cmmunicatins Plicy Grup Disclsure & External Cmmunicatins Plicy Page 2 f 7 Grup Disclsure & External Cmmunicatins Plicy ( the Plicy ) 1. Overview

More information

Chicago Department of Finance. Tax Audit Process

Chicago Department of Finance. Tax Audit Process Chicag Department f Finance Tax Audit Prcess Audit Overview There are varius ways a business gets selected fr audit. The mst cmmn are referrals frm anther divisin f the Department f Finance, referral frm

More information

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021 Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada

More information

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse

More information

Investigative Management Program and Case Tracking System (IMPACT)

Investigative Management Program and Case Tracking System (IMPACT) Privacy Impact Assessment fr the Investigative Management Prgram and Case Tracking System (IMPACT) February 4, 2008 Cntact Pint Office f Infrmatin Systems Drug Enfrcement Administratin 202-307-1000 Reviewing

More information

Guidelines for Custodians

Guidelines for Custodians Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t

More information

DATE APPROVED March 2011. Version Date Comments / Changes 1.0 March 2011 Initial policy released

DATE APPROVED March 2011. Version Date Comments / Changes 1.0 March 2011 Initial policy released Page 1 f 11 APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial plicy released 1. PURPOSE OF THIS POLICY T define the purpses fr which Crprate Purchase Cards are t be used

More information

Name. Description. Rationale

Name. Description. Rationale Cmplliiance Cmpnentt Descriptin Ratinale Benefits List the Dmain List the Discipline List the Technlgy Area List Prduct Cmpnent Dcument the Cmpliance Cmpnent Type Cmpnent Sub-type DEEFFI INITION Hst-Based

More information

Privacy and Security Training Policy (PS.Pol.051)

Privacy and Security Training Policy (PS.Pol.051) Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider

More information

HP ValuPack Consulting Description Red Hat Linux System Performance Monitoring & Tuning

HP ValuPack Consulting Description Red Hat Linux System Performance Monitoring & Tuning HP ValuPack Cnsulting Descriptin Red Hat Linux System Perfrmance Mnitring & Tuning HP ValuPacks are standardized cnsulting services, prvided by HP Slutin Center Service Prfessinals, with pre-defined custm

More information

Office of the Superintendent of Financial Institutions. Internal Audit Report. Human Resources Performance Management.

Office of the Superintendent of Financial Institutions. Internal Audit Report. Human Resources Performance Management. Office f the Superintendent f Financial Institutins Internal Audit Reprt n Human Resurces Perfrmance Nvember 2010 Table f Cntents 1. Backgrund...3 2. Audit Objectives, Scpe, Apprach, and Criteria...3 3.

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

Gravesham Borough Council

Gravesham Borough Council Classificatin: Part 1 Public Key Decisin: Please specify - N Gravesham Brugh Cuncil Reprt t: Perfrmance and Administratin Cmmittee Date: 12 Nvember 2015 Reprting fficer: Subject: Crprate Perfrmance Manager

More information