1 Page 1 of 10 Table of Contents 1. Purpose Entities Affected by This Guideline Definitions Guidelines Requesting Data Center or Requirements for Data Center or Criteria for Data Center Criteria for and Switchroom Criteria for Third-party Service Provider Emergency Personnel Responsibilities Concerning Data Department or Unit Manager ITS Management ITS Staff One Card Office Individuals with Authorized to Data Centers and s Responsibilities Concerning Data Use and Safety Reporting Theft and Security Breaches Reporting Unauthorized Annual Review of Approved Contacts and Resources Related Documents... 10
2 Page 2 of Purpose Information Technology Services (ITS) is responsible for the centralized data center and campus communication rooms that house servers, network equipment, voice and data equipment, disk storage subsystems, workstations, tape backup systems, and other campus administrative computing and communications systems that may contain Level 1 or Level 2 confidential data. to the centralized data center and communication rooms is strictly controlled and limited only to authorized personnel. These guidelines outline the requirements for obtaining authorized access to the data center and communication rooms. 2. Entities Affected by This Guideline This guideline applies to all individuals authorized to access the data center and/or communications rooms including, but not limited to, ITS employees, University employees responsible for the installation, use or maintenance of equipment housed in the restricted area, and all third-party service providers who must enter the area to install, repair or maintain equipment or systems housed therein. Note: Department administrators are responsible for user and physical access controls to decentralized systems located outside of the centralized data center and not managed by ITS. See ITS-2011-S User Control for Decentralized Systems for more information. 3. Definitions a) Accompany: To go with, remain with and monitor the actions of another. b) Authorized Personnel: Individual(s) who is (are) granted access privileges to restricted areas, equipment, systems or data following formal review and approval of the legitimate business purpose for such access. c) Breach: Infraction or violation of a law, regulation, guideline, policy or standard. d) Communications Rooms: Secured rooms containing communications equipment including, but not limited to, telephone systems (PBXs), voice mail systems, call collection computers, cable plant, wired and wireless network equipment, servers and termination blocks. e) Data Center: Secured rooms containing computing equipment including, but not limited to, computers, servers, printers, environmental equipment and other related computing equipment. The centralized data center is managed by Information Technology Services (ITS). f) Decentralized System: Any data system or equipment containing data deemed private or confidential or which contains mission critical data, including departmental, divisional and other ancillary system or equipment that is not managed by central ITS.
3 Page 3 of 10 g) Level 1 Confidential Data: Confidential data is information maintained by the University that is exempt from disclosure under the provisions of the California Public Records Act or other applicable state or federal laws. Its unauthorized use, access, disclosure, acquisition, loss or deletion could result in severe damage to the CSU, its students, employees or customers. Financial loss, damage to the CSU s reputation and legal action could occur if data is lost, stolen, unlawfully shared or otherwise compromised. Level 1 data is intended solely for use within the CSU and limited to those with a business need-to-know. Statutes, regulations, other legal obligations or mandates protect much of this information. Disclosure of level 1 data to persons outside of the University is governed by specific standards and controls designed to protect the information. h) Level 2 Internal Use Data: Internal use data is information that must be protected due to proprietary, ethical or privacy considerations. Although not specifically protected by statute, regulations or other legal obligations or mandates, unauthorized use, access, disclosure, acquisition, modification, loss or deletion of information at this level could cause financial loss, damage to the CSU s reputation, violate an individual s privacy rights or make legal action necessary. Non-directory educational information may not be released except under certain prescribed conditions. i) Standard : Non-temporary access to restricted computing and communications areas granted to individuals whose job responsibilities require such access on an ongoing or daily basis. j) Temporary : Limited, monitored access to restricted computing and communications areas granted to individuals who may from time-to-time have a business need for such access. k) Third-party Service Provider: Refers to an entity that is undertaking an outsourced activity on behalf of the University or is performing system administrator duties on their offsite system that contains University protected data (e.g., vendors, vendor s subcontractors, business partners, consultants, etc.). 4. Guidelines 4.1 Requesting Data Center or CSULA employees and, under special circumstances as outlined in 4.2.3, third-party service providers can request standard or temporary access to the data center, switchroom, telephone closets or other communications rooms managed by ITS by completing form ITS-8825 Data Center/Communications Request. All applicants must adhere to the User Responsibilities and Appropriate Use of Agreement contained therein. 4.2 Requirements for Data Center or Only CSULA employees, as well as third-party service providers under contract to the University, whose job duties meet the applicable criteria below may be granted access privileges to data centers and communication rooms. Departments are responsible for notifying the director of IT Security and Compliance when employment changes occur that require a revocation of access. (See section c) below.)
4 Page 4 of Criteria for Data Center Standard access to data centers is limited to only those whose job duties legitimately require that the work to be performed, and can only be so performed, in the data center. Authorized personnel with an ongoing legitimate business need for data center standard access would include the following: Vice president for ITS and chief technology officer All ITS directors Selected ITS management who cannot perform a required job function(s) in any other location ITS network personnel ITS server personnel ITS computer operations personnel Library personnel whose job duties require maintenance of Library systems that run only on computer room computers or servers. Administrative Technology personnel whose job duties require maintenance of Administration and Finance systems that run only on computer room computers or servers. Information Technology Consultants (ITCs) whose job duties require maintenance of academic or administrative systems that run only on data center computers or servers. A list of approved personnel authorized for standard access shall be posted prominently in the data center. Only individuals whose names appear on this list may enter the data center unaccompanied. Other individuals must be accompanied by one or more persons whose names are on the authorized standard access list. (See item a) below.) Other individuals who may from time-to-time have a business need for data center access may be granted temporary access to such rooms. These individuals must be accompanied by one or more persons with standard access, and must sign in and out on the ITS-7804 Data Center/Switchroom Log. Individuals who may be granted temporary, monitored access include: Cal State L.A. Facilities Operations employees Facilities Services outside vendors (e.g., air conditioner repair) Third-party service providers contracted by the ITS Individuals who do not have a business need for data center access may not enter such rooms under any circumstances. Those individuals with standard access to a data center may not accompany anyone who does not have a legitimate business need to be in such a room Criteria for and Switchroom a) Standard access to communications rooms and the switchroom may be granted only to the following levels of ITS staff: a. Vice president for ITS and chief technology officer b. Director of IT Infrastructure Services c. Assistant director of Network Operations Center, Servers and Technology Operations d. Manager of Network and PBX Operations e. Network technicians f. Telecommunications technicians
5 Page 5 of 10 b) Temporary access may be granted to individuals who have a business need from time-totime to work in the switchroom or communication room. Individuals granted temporary, monitored access must be accompanied by one or more persons with standard access. Individuals who may be granted temporary access include: a. Cal State L.A. Facilities Operations employees b. Facilities Services outside vendors (e.g., air conditioner repair, etc.) Criteria for Third-party Service Provider a) Standard access to the data center, communications rooms and the switchroom is generally not allowed to third-party service providers. However, standard access may be granted to third-party service providers who are contractually assigned to the campus as a full-time service provider. These vendors are required to submit ITS-8825 Data Center/ Request for approval and, following approval, may access the rooms unaccompanied. Vendors must comply with this guideline and the Appropriate Use of Agreement contained in ITS This standard access is limited to the duration stated in the University contract or service order. These vendors who may be granted standard access include: PBX maintenance vendor Any vendor or consultant assigned to the campus on a daily, full-time basis, but for an extended, contractually defined period of time, to perform contracted work. b) Temporary access may be granted to third-party service providers contracted by ITS for a specific maintenance or installation activity. To enter the data center or communications room, and to handle its contents, third-party service providers must sign in and out on the ITS-7804 access log and be accompanied by authorized University employees Emergency Personnel It is understood that there may be the need for personnel to access an area in case of an emergency (e.g., fire, police, medical, etc.). In this case, access is granted only for the purpose of responding to the emergency and with immediate notification to the vice president for ITS. 4.3 Responsibilities Concerning Data Department or Unit Manager Department and unit managers are responsible for the following: a) Evaluating data center or communication room access applications. Approve applications only where an applicant s job title, employment responsibilities and stated justification meet the criteria for allowing data center or communication room access. b) Approving applications only where an applicant s job title, employment responsibilities and stated justification meet the criteria for allowing data center or communication room access. c) Immediately notifying IT Security and Compliance at in any of the following situations: An individual s job duties no longer require access to a data center or communication room, including separation from the University. A third-party service provider s contract expiration. If there is any reason to revoke or modify an individual s access to a data center or communication room.
6 Page 6 of ITS Management a) The vice president and CTO; director of IT Security and Compliance; director of IT Infrastructure; assistant director of Network Operations Center, Servers and Technology Operations and the manager of Network and PBX Operations shall evaluate all data center and communication room access applications. Approve applications only where an applicant s job title, employment responsibilities and stated justification meet the criteria for allowing data center and communication room access. b) The assistant director of Network Operations Center, Servers and Technology Operations shall verify which rooms and equipment an applicant is approved to access and handle. c) The assistant director of Network Operations Center, Servers and Technology Operations shall regularly audit the list of those with authorized access to data centers and communication rooms to ensure the list is current and accurate. Remove access for any individuals whose status and job responsibilities do not justify it. d) The assistant director of Network Operations Center, Servers and Technology Operations shall visibly post the most current log of users with data center and communication room access. Logs must be updated and reposted as changes occur. Handwritten deletions or additions to the posted logs are not acceptable compliance standards. The logs should be retained for a period of one year for audit compliance. e) The assistant director of Network Operation Center, Servers and Technology Operations shall either the updated log of approved users to all ITS managers or post the log of approved users on SharePoint for access by all ITS managers. A current electronic list of approved users must be available to all ITS managers for verification at all times to prevent physical alternation of the posted log ITS Staff a) Process ITS-8825 Data Center/ Request form. b) Maintain a secured record of users and their OmniLock codes. c) Authorize the creation of Golden Eagle Card PINs and OmniLock codes for approved users. d) Create OmniLock codes for approved users. e) Notify approved users when their access information is ready to pick up at ITS Help Desk or the One Card office. f) Verify approved users Golden Eagle Cards and signatures prior to issuing OmniLock codes One Card Office a) When directed by the assistant director of Network Operations Center, Servers and Technology Operations, create encrypted Golden Eagle Card PINs for approved users. b) Maintain a record of users who have been assigned Golden Eagle Card PINs. c) Verify users Golden Eagle Cards and signatures prior to issuing Golden Eagle Card PINs.
7 Page 7 of Individuals with Authorized to Data Centers and s a) Adhere to all the terms and conditions agreed to on ITS-8825 Data Center/Communication Room Request. b) Do not identify an access code or PIN as being connected with any data center or communications room. c) Do not leave an access code or PIN where anyone else can find, view or copy it. d) Do not allow entry to a data center or communication room to any other individual, except when given permission by the assistant director of Network Operations Center, Servers and Technology Operations to accompany individuals who have been granted temporary access. e) Immediately report any unauthorized access to the following individuals in the order specified below: The assistant director of Network Operations Center, Servers and Technology Operations Director of IT Infrastructure Services Director of IT Security and Compliance Vice president for ITS and CTO 4.4 Responsibilities Concerning Data Use and Safety a) Doors to secured areas may never be propped open. Individuals leaving the data center or communication room are responsible for ensuring the room is fully secured before departing. Exceptions may be granted by the director for IT Infrastructure or the assistant director of Network Operations Center, Servers and Technology Operations under the following conditions: Environmental problems leading to excessive temperatures place the equipment or operating conditions in jeopardy. Work being performed by staff or third-party service providers requires open access, e.g., equipment transport, external power provision, temporary cable to an external location, etc. The location is monitored by an authorized individual at all times to prevent unauthorized access. b) ITS will comply with all published University safety and risk management practices issued by Risk Management/Environmental Health and Safety related to environmental controls, chemicals and combustible materials storage and safety, and occupational safety. c) All individuals will comply with Administrative Procedure 006, University Smoking Policy. d) Food and drink are not allowed in the data center machine room or communications rooms. e) Food and drink are allowed, but not recommended, in the data center console room and the switchroom office area. Individuals working in these areas are responsible for ensuring their careful consumption and the cleanliness of the work area.
8 Page 8 of 10 f) Chemicals, cleaning supplies and combustible materials may not be stored in the data center or communications room. g) Combustible materials, such as papers, empty boxes, rags and the like, may not be stored in the data center or any communications rooms. 4.5 Reporting Theft and Security Breaches a) Immediately, within 15 minutes of discovery, report the theft of any data center or communication room contents to: University Police at , Department of Public Safety, Building 46. If a computer or any other electronic storage device is among the stolen contents, fill out ITS-2804 Lost or Stolen Computer or Electronic Storage Device Report obtained from University Police or online. Submit the completed form to IT Security and Compliance immediately: it to or bring it to the ITS Help Desk (LIB PW Lobby). b) Immediately, within 15 minutes of discovery, report any security breaches or violations of campus or remote CMS databases by phone to the individuals listed below. A written follow-up minimally containing the date, time, event, emergency contact personnel, emergency contact phone number, system impact, user impact, current actions and planned actions, must be ed to the same individuals within four hours of discovery. Vice President for Information Technology Services and CTO Phone: Director of IT Security and Compliance Phone: c) The vice president for Information Technology Services/CTO and the director of IT Security and Compliance are responsible for notifying University Counsel within 30 minutes of discovery and providing periodic updates as required. d) All security breaches and violations shall be investigated forthwith, by the director of IT Security and Compliance following the protocols outlined in ITS-2511 Campus Security Incident Response Team (CSIRT). e) The final report(s) regarding all security breaches shall be filed with the director of IT Security and Compliance. 4.6 Reporting Unauthorized a) Immediately report any unauthorized access to the individuals, and in the order specified, below: Assistant director of Network Operations Center, Servers and Technology Operations Director of IT Infrastructure Services Director of IT Security and Compliance Vice president for ITS and CTO
9 Page 9 of Annual Review of Approved a) The director of IT Security and Compliance is responsible for conducting an annual review of approved access. The review must be completed during the fall academic quarter. b) The annual review shall consist of verifying those with authorized standard access, Golden Eagle Card PINs and OmniLock codes. c) The assistant director of Network Operations Center, Servers and Technology Operations shall correct any findings of unauthorized access within 24-hours. 5. Contacts and Resources a) Report problems accessing the Data Center/ Request form to the ITS Help Desk at b) Address questions regarding these guidelines to:
10 Page 10 of 10 Related Documents CSULA ITS-2524 ITS-2511 ITS-2804 ITS-7804 ITS-8825 Chancellor s Office CSU Information Security Policy Title Cal State L.A. Information Security Program an_2012.pdf This document establishes the University s Information Security Program in support of its obligation to protect the technology resources and information assets entrusted to it. Campus Security Incident Response Team This internal document, available from the director for IT Security and Compliance, defines the steps to effectively respond to information security incidents, minimize disruption and return operations to a normal state. Lost or Stolen Computer or Electronic Storage Device Report Form used to report a lost or stolen computer or electronic storage device to University Police and IT Security and Compliance. Data Center/Switchroom Log Internal ITS form, available from the assistant director of Network Operations Center, Servers and Technology Operations, is used to record entry and exit from the data center or communications room. Data Center Request Form used to apply for access to the data center and communication rooms. Title The California State University Information Security Policy This document provides policies governing CSU information assets.
Information Security Section: General Operations Title: Information Security Number: 56.350 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE DATE OF POLICY.140
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT) PURPOSE: The purpose of this procedure is to establish the roles, responsibilities, and communication procedures for the Computer Security Incident
University of Manitoba - Information Services & Technology Data Centre & Facilities Access Procedures Effective Date: Review Date: Approving Body: Applies to: March 1, 2012 March 1, 2017 Mike Langedock,
Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization
Northwestern Memorial Hospital DEPARTMENTAL POLICY Subject: DEPARTMENTAL ADMINISTRATION Title: 1 of 11 Revision of: NEW Effective Date: 01/09/03 I. PURPOSE: This policy defines general behavioral guidelines
1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY California Maritime Academy Audit Report 14-54 April 8, 2015 Senior Director: Mike Caldera IT Audit Manager:
CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
Account Management Standards Overview These standards are intended to guide the establishment of effective account management procedures that promote the security and integrity of University information
BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY TABLE OF CONTENTS Chapter Title Page 1 Introduction 1 2 Definitions 2 3 General Roles and Responsibilities 4 4 Sensitive Data
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY INTERIM MAINTENANCE PROCEDURES V1.8 JULY 18, 2012 1. PURPOSE The purpose of this procedure
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
Application Development within University Security Checklist April 2011 The Application Development using data from the University Enterprise Systems or application Development for departmental use security
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C This Attachment addresses the Contractor s responsibility for safeguarding Compliant Data and Business Sensitive Information
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
Controls for the Credit Card Environment Edit Date: May 17, 2007 Status: Approved in concept by Executive Staff 5/15/07 This document contains policies, standards, and procedures for securing all credit
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
Policy Statement TECHNOLOGY ACCEPTABLE USE POLICY Reason for Policy/Purpose The purpose of this policy is to provide guidelines to the acceptable and ethical behavior that guides use of information and
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY Humboldt State University Audit Report 14-50 October 30, 2014 EXECUTIVE SUMMARY OBJECTIVE The objectives of
Table of Contents: 000 Introductory Material 001 Introduction Western Oregon University v1.6 Please direct comments to: Bill Kernan, Chief Information Security Officer 100 Information Security Roles and
PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment
U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior
Contra Costa Community College District Business Procedure 10.57 SECURITY CAMERA OPERATING PROCEDURE The District and its colleges are committed to enhancing the quality of life of the community by integrating
Caldwell Community College and Technical Institute Employee Computer Usage Policies and Procedures I. PURPOSE: The purpose of this section is to define the policies and procedures for using the administrative
Responsible Use of Technology and Information Resources Introduction: The policies and guidelines outlined in this document apply to the entire Wagner College community: students, faculty, staff, alumni
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
Internet & Cell Phone Usage Policy The Internet usage Policy applies to all Internet & Cell phone users (individuals working for the company, including permanent full-time and part-time employees, contract
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
Contact: Administrative Services Issued: June 24, 2013 Supersedes: Keys - Administration and Control of Keys, September 2007; and Keys - Issuance and Retrieval, March 1986 Pages: 13 OVERVIEW PHYSICAL ACCESS
Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing
UCR Cashiering & Payment Card Services TERMINAL CONTROL MEASURES Instructions: Upon completion, please sign and return to email@example.com when requesting a stand-alone dial up terminal. The University
Table of Contents Policy & Procedures Issued by: Technology Steering Committee Effective: October 2007 (Revised June 2014) Applies to: All members of the University community Introduction...1 Purpose...1
Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen Supplementary data protection agreement to the license agreement for license ID: between...... represented by... Hereinafter referred to as the "Client"
Southern Law Center Law Center Policy #IT0014 Title: Privacy Expectations for SULC Computing Resources Authority: Department Original Adoption: 5/7/2007 Effective Date: 5/7/2007 Last Revision: 9/17/2012
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
REQUEST FOR QUOTE SUBJECT: Request for Quotes, State Term Contract #973-561-10-1, Information Technology Consulting Services TITLE: National Youth in Transition Database (NYTD) Survey Tool Proposal Software
Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721 Electronic Information Security and Data Backup Procedures Date Adopted: 4/13/2012 Date Revised: Date Reviewed: References: Health Insurance Portability
Network Security 6-005 INFORMATION TECHNOLOGIES July 2013 INTRODUCTION 1.01 OSU Institute of Technology (OSUIT) s network exists to facilitate the education, research, administration, communication, and
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible
BUSINESS ONLINE BANKING AGREEMENT This Business Online Banking Agreement ("Agreement") establishes the terms and conditions for Business Online Banking Services ( Service(s) ) provided by Mechanics Bank
Information Technology Security Standards and Protocols Coast Community College District 1 Contents DIT 01 - Information Security Program Overview... 7 1.0 Purpose, Scope, and Maintenance... 7 1.1 Purpose...
Policy for Accepting Payment (Credit) Card and Ecommerce Payments 1 Revision Control Document Title: File Reference: Credit Card Handling Policy and Procedure PCI Policy020212.docx Date By Action Pages
A.R. Number: 2.6 Effective Date: 2/1/2009 Page: 1 of 7 I. PURPOSE In recognition of the critical role that electronic information systems play in City of Richmond (COR) business activities, this policy
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect
IT Security Standard: Computing Devices Revision History: Date By Action Pages 09/30/10 ITS Release of New Document Initial Draft Review Frequency: Annually Responsible Office: ITS Responsible Officer:
YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September
6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information
CAL POLY POMONA FOUNDATION Policy for Accepting Payment (Credit) Card and Ecommerce Payments 1 PURPOSE The purpose of this policy is to establish business processes and procedures for accepting payment
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004L Payment Card Industry (PCI) Physical Security (proposed) 01.1 Purpose The purpose
Vanderbilt University Payment Card Processing and PCI Compliance Policy and Procedures Manual PCI Compliance Office Information Technology Treasury VUMC Finance Table of Contents Policy... 2 I. Purpose...
HIPAA Privacy and Security Risk Assessment and Action Planning Practice Name: Participants: Date: MU Stage: EHR Vendor: Access Control Unique ID and PW for Users (TVS016) Role Based Access (TVS023) Account