IMPLEMENTATION DETAILS
- Lewis York
- 8 years ago
Information Security Policy Documentation
IMPLEMENTATION DETAILS

Policy: ISP-I10
Title: Payment Card Security
Status: Approved

1. Introduction

1.1. This document supports implementation of the "Payment Card Industry Data Security Standard (PCI DSS) compliance" policy referred to in policy document Compliance Policy (ISP-S3).

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined and published by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organisations that process card payments prevent payment card fraud through increased controls around data and its exposure to compromise. The standard applies to all organisations that hold, process, or exchange cardholder information.

Enforcement of compliance is done by the organisation's card provider. Organisations that fail to meet the compliance requirement risk losing their ability to process payment card payments and being audited and/or fined.

Definitions

- Payment card - A card backed by an account holding funds belonging to the cardholder, or offering credit to the cardholder such as a debit or credit card.
- PCI DSS - The Payment Card Industry Data Security Standard (see above).
- Stripe / track data - Information stored in the magnetic strip or chip on a payment card.
- PAN - A Primary Account Number is a 14 or 16 digit number embossed on a debit or credit card and encoded in the card's magnetic strip which identifies the issuer of the card and the account.
- PIN - A Personal Identification Number is a secret numeric password used to authenticate payment cards.
- CAV2/CVC2/CVV2/CID - 3-digit security code displayed on payment cards.
- Cardholder Data - Payment card data including: Primary Account Number (PAN), name of cardholder, expiration date and service code.
- Sensitive Authentication Data - Full magnetic stripe data or equivalent on a chip, CAV2/CVC2/CVV2/CID or PINs/PIN blocks.
- Cardholder Data Environment (CDE) - Area of computer system network that possesses cardholder data or sensitive authentication data and those systems and segments that directly attach or support cardholder processing, storage, or transmission.
- PDQ Machine - A credit card swipe machine.
- PED - PIN Entry Device.

Payment Card Security (ISP-I10) V13 Page 1 of 8
- Internal Security Assessor (ISA) - A person who has been certified by the PCI Security Standards Council to audit merchant they are employed by for Payment Card Industry Data Security Standard (PCI DSS) compliance.
- Qualified Security Assessor (QSA) - A person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance.

This document includes statements on:

- Scope
- PCI DSS outline
- PCI DSS compliance policy
- Authorisation and responsibilities
- Payment card processing
- Electronic cardholder data handling
- Paper cardholder data handling
- Retention of cardholder data
- Physical security of payment card processing equipment

2. Scope

2.1. Policy statements in this document apply to:

- All staff involved in payment card processing
- All payment card processing arrangements across the University
- Both manual and IT-based payment card processing

3. PCI DSS outline

3.1. The Payment Card Industry Data Security Standard (PCI DSS) sets out an extensive and detailed list of requirements and security assessment procedures. The goals and requirements of the standard (currently v3.1) are summarised as:

Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update anti-virus software or programs
- Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data by business need to know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security for all personnel.

4. PCI DSS compliance policy

4.1. All University card processing activities and related technologies must comply with the Payment Card Industry Data Security Standard (PCI-DSS).

This policy document forms part of University of Leicester information security policy and directly meets the PCI DSS requirement to Maintain a policy that addresses information security for all personnel.

Card processing activities must be conducted as described herein and in accordance with the PCI DSS standards. No activity may be conducted nor any technology employed that might obstruct compliance with any portion of the PCI-DSS.

All relevant staff must be made aware of the importance of cardholder data security and must be aware of the requirements stated in this policy.

This policy shall be reviewed annually and updated as needed to reflect changes to business objectives, to the risk environment or to PCI DSS.

The prospective procurement of any solution that includes card payment processing must be validated as being PCI-DSS compliant prior to purchase. As a requirement all prospective solutions must be contractually specified as being PCI-DSS compliant within the University of Leicester's IT infrastructure.

(Note: Certain requirements stated in this policy are not part of the PCI DSS itself; however, are included to facilitate University PCI DSS compliance.)

5. Authorisation and responsibilities

5.1. Staff or departments must not plan, commission, use or modify any payment card processing procedures or systems without consultation with the Finance Office and authorisation by the Finance Director.
(This includes any payment card processing activity to be undertaken on behalf of the University or which involves any use of University IT or networking equipment.)

5.2. The Finance Office is responsible for managing PCI DSS compliance across the University and may remove any payment card processing activity causing unacceptable risk.

IT Services is responsible for arranging and assessing the results of the external and internal network security scans required for PCI DSS compliance. (Approved external and internal network scans must be run at least quarterly to check for security against external access to any networked devices that process payment card data.)
5.4. The Finance Office and Information Assurance Services are jointly responsible for making all relevant staff aware of the importance of cardholder data security and the requirements stated in this policy.

The Finance Office is responsible for ensuring that for service providers with whom cardholder information is shared:

- Contracts require adherence to PCI-DSS by the service provider.
- Contracts include acknowledgement or responsibility for the security of cardholder data by the service provider.
- Their PCI DSS compliance status is monitored at least annually.

A list of all staff currently authorised to routinely use devices to process payment cards, such as tills, PEDs, PDQ machines etc. must be maintained by the department responsible for providing that service and a copy submitted to the Finance Income Systems Specialist who maintains the central log.

Staff are reminded of the requirement to report security incidents and any suspected security weaknesses as specified in Reporting Information Security Incidents (ISP-I3).

The Finance Office is responsible for maintaining a current list of all University payment card service providers.

6. Payment card processing

6.1. Students wishing to pay course fees by payment card must be directed to use the online payment system (see 6.8). Where that is not possible another form of payment i.e. cheque, draft or bank transfer must be used instead.

Staff must not request transmission of any payment card information from University customers via email, SMS/text, Skype, social networking, Microsoft Lync or other end-user messaging technologies.

Departments should, under no circumstances, ask students/customers to release the three-digit security code held on the reverse of their card. (The University pays a higher payment card transaction fee to avoid having to collect and process the security code.)

6.4. When staff process card details on a PED or PDQ credit card terminal, they should press the Enter key in order to skip the three-digit security code entry field. (Please note this does not apply to GPRS mobile terminals - refer to 6.10)

6.5.
Any electronically stored legacy payment card data, or data stored in error, must be deleted securely.

Payment card information, including full PAN numbers, must not be displayed or made visible to anyone except authorised staff. For example, payment equipment such as tills must not show the full PAN. (The first six and last four digits are the maximum number of digits that may be displayed.)

6.7. Full credit card numbers may only be viewed by authorised staff with a need to see them as part of their duties.

Students must not be specifically directed to University of Leicester IT equipment to use University of Leicester provided online payment solutions. If a student wishes to use
University IT infrastructure to make an online payment, then it is their choice and not mandated by the University.

Administrators of the Recurring Card Payment, when setting up a new payment plan on behalf of a student, are permitted to ask for the three digit security code if prompted by the system. This is an allowed exception to

Finance provides GPRS mobile PED for short term. When making a MOTO payment, administrators using this type of terminal may be prompted for a CVV and are permitted to ask for the three digit security code if prompted. This is an allowed exception to

7. Electronic cardholder data handling

7.1. Staff must not store any electronic payment card information, whether or not encrypted, on any computers or storage devices whether by scanning, keying or any other means.

Note: This applies to all types of payment card data including PAN, PIN, three-digit security codes and full track data. This requirement limits the scope of the CDE and so controls the cost, difficulty and feasibility of implementing and maintaining the PCI DSS controls necessary for compliance.

Staff must not send cardholder data via email, SMS/text, Skype, social networking, Microsoft Lync or other end-user messaging technologies, whether or not encrypted.

Systems which are specifically designed and deployed to transfer cardholder data electronically such as tills, PEDs and PDQs and outsourced e-commerce solutions must do so in a way that meets PCI DSS compliance requirements.
When planning and deploying such systems, the Finance Office will work with departments, IT Services, system vendors, ISAs and QSAs as appropriate to achieve and maintain PCI DSS compliance.

Computers must not be used by University staff to access outsourced e-commerce solutions, such as WPM or YESPay, on behalf of customers.

University staff may only use PDQ machines to make payments on behalf of customers.

Authorised university staff may only access the WPM Recurring Card Payment application via the secure remote desktop & virtual server solution provided by IT Services.

Authorised university staff may only access the Realex virtual terminal via the secure remote desktop & virtual server solution provided by IT Services.

8. Paper cardholder data handling

8.1. The aim should be to reduce and preferably eliminate the need for cardholder data to be held in paper form. Processes should be regularly reviewed to determine whether online payment processes can be implemented to replace paper-based procedures.

Sensitive card authentication data must not be recorded on paper.

Cardholder data stored on paper, which exclude sensitive authentication data, must be:
- In a locked cabinet whenever not in use or supervised. Offices housing such cabinets must also be locked when not occupied. Keys to afore mentioned locked cabinets and offices should be kept securely at a location away from the locked cabinet and office.
- Destroyed when no longer required by secure onsite cross-cut shredding, incineration or pulping. (Paper records holding unwanted payment card information must be locked away until destroyed.) (also see 9.2 below.)
- Marked to distinguish it from other paperwork. Departments may use their own classification and marking system for cardholder data paperwork. A suitable solution would, for example, be to use distinctively coloured stationery.

Photocopies of credit cards should never be taken or stored.

Where it is necessary to transfer paper cardholder data within the site:

- The only acceptable method is delivery by hand during office hours. The internal mail system must not be used.
- Card holder data movement must be logged with a despatch record and corresponding received record. Both should be reconciled to ensure movement of the data is complete.
- Card holder data when being transported should be in a sealed envelope or packet.

Incoming mail containing cardholder data from outside the University may be received through the internal mail system. However, regard should be had to Section 8.1 with a view to eliminating the need for paper-based processes.

There should not be any requirement for cardholder data to be sent via an external postal service. However, if in exceptional circumstances a need should arise, approval must be first obtained from the Director of Finance. In such cases the data must be delivered by hand to the Post Room and a tracked courier service must be used.

A record must be kept detailing any transfer of payment card data within the University and by external postal service should a need arise.
Management approval is required prior to the transfer.

The use of faxes to receive card data should be discouraged, however if it is necessary to receive a fax, then the fax machine being used should not have an internal memory, hard drive or other storage solution capable of recording details of the received fax.

University multi-functional devices, network fax machines or computer based fax solutions should not be used to receive card data.

9. Retention of cardholder data

9.1. Cardholder data, excluding any sensitive authentication data, may be retained only as paper records.

The only acceptable card holder data stored as paper records after processing a customer credit card are Merchant Receipts generated by:

- Finance distributed Chip & Pin devices
- University EPOS system Chip & Pin devices
- Chip & Pin devices connected to XN sports management system

However it should be noted that under normal business procedures merchant receipts do
not display the full PAN and that paper records of the PAN number after processing are not kept. (See 9.6)

9.2. Except in exceptional circumstances and with explicit approval of the Finance Office, retained cardholder data for any financial year (August-July) must be destroyed by the end of the following January.

Card holder data that is due to be destroyed must be secured in locked containers prior to destruction. The content should not be accessible.

Card holder data will be destroyed by the University's shredding service, using a means that makes it impossible to reconstitute the content of the paper based media.

Audits will be conducted by the Finance Office to ensure destruction.

The retention of card holder data after it has been processed is only permitted after written confirmation by the Deputy Director of Finance, subject to the team/ department/ staff member having:

- A proven business reason to retain card holder data
- The necessary processes and procedures in place to secure the card holder data in a compliant manner.
- A proven data management process that supports auditing, removal and secure destruction of the card holder data when no longer required.

10. Physical security of payment card processing equipment

Devices used to process payment cards, such as tills, PEDs and PDQ machines must:

- Only be used by staff authorised to do so as part of their duties.
- Be protected from physical access out-of-hours by those not authorised to use the equipment or authorised to be in the area. (Small devices such as PDQs must be locked away and larger devices such as tills must be in rooms with restricted access when not in use.)
- Be subjected to routine visual inspection, preferably each day or before use. Equipment, cabling and connections should be inspected for signs of tampering. The working area in the vicinity of the equipment should be checked for any suspicious devices, hidden cameras etc.
- Not be taken off site for testing, repair or use without written approval of a senior member of the Finance team.

Out-of-hours visitors to areas giving access to payment equipment must be supervised and details of such visits must be logged.

The installation of new or replacement equipment must be validated and approved by Finance working with IT services to ensure security of payment equipment has not been compromised.

Payment devices must not be positioned where University CCTV cameras can pick up card numbers, pin numbers and/or secure card data.

The use of University issued or personal video recording devices by University Staff must not be used in the vicinity where card numbers, pin numbers or secure card data can
be observed. This includes body cameras, Google Glass (and similar) and mobile phone cameras. Customers should be asked to deactivate any such device if they are in the vicinity of a card payment device.

Failure to comply with University Policy may lead to disciplinary action.

The official version of this document will be maintained on-line. Before referring to any printed copies please ensure that they are up-to-date.
Tpic Dc - ARMY Aut-Debit Setup Using MX830 Updated July 2012 SYSTEM SETUP CHECKLIST: (See details belw) 1. Upgrade t 10.1s r Greater and Lad Patch Files sa0445x and sa0399 2. Obtain Lcal/Regin Cmmand Apprval
More informationTechnical Writing - TheUsers Visa (SHR User Accunt)
POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss
More informationDetroit Public Schools Policy 13.14 Page 1
Detrit Public Schls Plicy 13.14 Page 1 SUBJECT: Supersedes: STUDENT RECORD AND TRANSCRIPT PROCESSING Nne; New Plicy Effective: September 1, 2006 Page: 1 f 10 1.0 Purpse 2.0 Scpe This prcedure dcuments
More informationOptimal Payments Extension. Supporting Documentation for the Extension Package. 20140225 v1.1
Optimal Payments Extensin Supprting Dcumentatin fr the Extensin Package 20140225 v1.1 Revisin Histry v1.1 Updated Demac Media branding v1.0 Initial Dcument fr Distributin supprt@ptimalpayments.cm Page
More informationChristchurch Polytechnic Institute of Technology Access Control Security Standard
CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin
More informationOrganisational self-migration guide an overview V1-5 April 2014
Organisatinal self-migratin guide an verview V1-5 April 2014 Cpyright 2013, Health and Scial Care Infrmatin Centre. 1 Self Migratin t NHSmail an verview fr rganisatins Cntents Intrductin 3 1. Initial preparatins
More informationInternal Audit Charter and operating standards
Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw
More informationISMF Standard 141 Endpoint Protection. OCIO/S4.6 Government standard on cyber security
ISMF Standard 141 OCIO/S4.6 Gvernment standard n cyber security Prepared by: Office f the Chief Infrmatin Officer Versin: v1.0 Date: 12 September 2014 GOVERNMENT STANDARD ON CYBER SECURITY OCIO/S4.6 Cnfidentiality:
More informationDATE APPROVED March 2011. Version Date Comments / Changes 1.0 March 2011 Initial policy released
Page 1 f 11 APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial plicy released 1. PURPOSE OF THIS POLICY T define the purpses fr which Crprate Purchase Cards are t be used
More informationWHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy
WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin
More informationTHIRD PARTY PROCUREMENT PROCEDURES
ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More informationPOLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014
State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)
More informationVersion Date Comments / Changes 1.0 January 2015 Initial Policy Released
Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance
More informationMaaS360 Cloud Extender
MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument
More informationInternet and E-Mail Policy User s Guide
Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin
More informationSouth Australia Police POSITION INFORMATION DOCUMENT
Suth Australia Plice POSITION INFORMATION DOCUMENT Stream: Career Grup: Discipline: Classificatin: Service: Branch: Psitin Title: Administrative Services Cnsultancy and Infrmatin AO ASO-6 Infrmatin Systems
More informationMerchant Processes and Procedures
Merchant Prcesses and Prcedures Table f Cntents EXHIBIT C 1. MERCHANT INTRODUCTION TO T-CHEK 3 1.1 Wh is T-Chek Systems? 3 1.2 Hw t Cntact T-Chek Systems 3 1.3 Hw t Recgnize T-Chek Frms f Payment 3 1.3.1
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationCHANGE MANAGEMENT STANDARD
The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the
More informationAML Internet Manor Court, Manor Farm House, London Road, Derby, Derbyshire, DE72 2GR. Tel: 01332 650 009 Fax: 01332 650 850 Email:
AML Internet Manr Curt, Manr Farm Huse, Lndn Rad, Derby, Derbyshire, DE72 2GR. Tel: 01332 650 009 Fax: 01332 650 850 Email: Backup@AmlInternet.c.uk Cntents Page Situatin Analysis 3 AML Internet - The Slutin
More informationSECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain
More informationACTIVITY MONITOR Real Time Monitor Employee Activity Monitor
ACTIVITY MONITOR Real Time Mnitr Emplyee Activity Mnitr This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it is a library
More informationEnsuring end-to-end protection of video integrity
White paper Ensuring end-t-end prtectin f vide integrity Prepared by: Jhn Rasmussen, Senir Technical Prduct Manager, Crprate Business Unit, Milestne Systems Date: May 22, 2015 Milestne Systems Ensuring
More informationSources of Federal Government and Employee Information
Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities
More informationInformation Security Policy
Purpse The risk t Charlestn Suthern University, its emplyees and students frm data lss and identity theft is f significant cncern t the University and can be reduced nly thrugh the cmbined effrts f every
More informationElectronic Data Interchange (EDI) Requirements
Electrnic Data Interchange (EDI) Requirements 1.0 Overview 1.1 EDI Definitin 1.2 General Infrmatin 1.3 Third Party Prviders 1.4 EDI Purchase Order (850) 1.5 EDI PO Change Request (860) 1.6 Advance Shipment
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationA Comparison of UK and Chinese Broking Regulation
A Cmparisn f UK and Chinese Brking Regulatin David Cupe Partner +44 (0)203 553 4884 david.cupe@ec3legal.cm The fllwing tables are a cmparisn f UK and Chinese brking regulatins including the Llyd s regulatins.
More informationAccess EEC s Web Applications... 2 View Messages from EEC... 3 Sign In as a Returning User... 3
EEC Single Sign In (SSI) Applicatin The EEC Single Sign In (SSI) Single Sign In (SSI) is the secure, nline applicatin that cntrls access t all f the Department f Early Educatin and Care (EEC) web applicatins.
More informationZimbra Professional Services Portfolio, Purchasing Guide & Price List
In- Tuitin Netwrks Ltd Zimbra Prfessinal Services Prtfli, Purchasing Guide & Price List This dcument prvides an verview f In- Tuitin Netwrks Limited s range f Zimbra Prfessinal Services available n the
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationensure that all users understand how mobile phones supplied by the council should and should not be used.
Mbile Phne Plicy & Guidance Intrductin This plicy is designed t safeguard bth the cuncil and users f mbile phnes supplied by Angus Cuncil. It aims t ensure that these are used effectively, fr their intended
More informationCorporate Credit Card Policy
Plicy N: 13 Crprate Credit Card Plicy CONTROL: Plicy Type: Authrised by: Head f Pwer: Financial Cuncil Nt Applicable Respnsible Officer: Crprate and Cmmunity Manager Respnsibilities: Review and implement
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationHillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network
2361/Page 1 f 8 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk The Bard f Educatin recgnizes as new technlgies shift the manner in which infrmatin is
More informationCorporate Standards for data quality and the collation of data for external presentation
The University f Kent Crprate Standards fr data quality and the cllatin f data fr external presentatin This paper intrduces a set f standards with the aim f safeguarding the University s psitin in published
More informationFAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT
FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028
More informationPROCESSING THROUGH MPS and AVIMARK
Befre using McAllister Payment Slutins (MPS) as yur pint-f-sale and/r integrated credit card prcess slutin, the McAllister Payment Slutins PA- DSS Implementatin Guide must be reviewed in its entirety.
More informationCMS Eligibility Requirements Checklist for MSSP ACO Participation
ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.
More information