Payment Card Industry (PCI) Card Production

Payment Card Industry (PCI) Card Production
Physical Security Requirements
Version 1.0
May 2013

PCI Security Standards Council LLC 2013

This document and its contents may not be used, copied, disclosed, or distributed for any purpose except in accordance with the terms and conditions of the Non-Disclosure Agreement executed between the PCI Security Standards Council LLC and your company. Please review the Non-Disclosure Agreement before reading this document.

PCI Card Production Physical Security Requirements, v1.0 May 2013 Copyright 2013 PCI Security Standards Council LLC Page i

Document Changes

Date | Version | Author | Description
December | x | PCI | RFC version
May | | PCI | Initial Release

Table of Contents

Document Changes 1 Scope Loss Prevention Personnel Employees Pre-employment Documentation and Background Checks Applicant/Employee Background Information Retention Screening and Documentation Usage Personnel Changes Security Communication and Training Notification Guards General Guidelines Role and Responsibilities Documentation Security Training Visitors Registration procedures Visitor Security Notification Visitor identification External Service Providers General Guidelines Vendor's Agents General Guidelines Premises External Structure External Construction Exterior Entrances and Exits External Walls, Doors and Windows Building Peripheral Protection External Security Emergency Exits Exterior Lighting Roof Access Exterior CCTV Signage Internal Structure and Processes Reception Security Control Room High Security Areas (HSAs) HSA Security Protection and Access Procedures Rooms Vault Other Areas Internal Security Alarm Systems Badge Access System Duress Buttons Locks and Keys Closed Circuit Television (CCTV) Security Device Inspections

3.5 Vendor Business Contingency Plan Production Procedures and Audit Trails Order Limitations Card Design Approvals Proof Submission Approval Response Samples Sample Retention Required Samples Origination Materials and Printing Plates Access and Inventory Core Sheets and Partially Finished Cards Core Sheets Partially Finished Cards Ordering Proprietary Components Audit Controls Manufacturing General Vault Audit Controls Personalization Audit Controls Production Equipment and Card components Personalization Equipment Tipping Foil Indent Printing Module Returned Cards/PIN Mailers Receipt Accountability Destruction and Audit Procedures Lost and Stolen Reports Packaging and Delivery Requirements Preparation Packaging Storage before Shipment Delivery Mailing Courier Service Secure Transport Shipping and Receiving Procedures for Transportation and Receipt Receipt and Return of Card components Establishing Responsibility for Loss PIN Printing and Packaging of Non-personalized Prepaid Cards Glossary

1 Scope

The PCI Card Production Physical Security Requirements manual is a comprehensive source of information for card vendors, which may include manufacturers, personalizers, pre-personalizers, chip embedders, data-preparation vendors, and fulfillment vendors. The contents of this manual specify the physical security requirements and procedures that vendors must follow before, during, and after the following processes:
- Card manufacturing
- Magnetic-stripe card encoding and embossing
- Card personalization
- Chip initializing or pre-personalization
- Chip embedding
- Chip personalization
- Card storing
- Shipping
- Mailing

This document defines the physical security requirements developed by PCI Security Standards Council (PCI SSC). Requirements for logical security for personalization are not included in this manual, but can be found in a separate document, Payment Card Industry (PCI) Card Production Logical Security Requirements.

Unless prohibited by law, all vendors undertaking any or all of the above activities must adopt the security control procedures and security devices specified in this manual as the minimum requirements accepted by the founding payment brands of PCI. Vendors may adopt additional security controls as they deem appropriate, provided they are in addition to and enhance the procedures set forth in this manual. Vendors' management must review and recommend enhancements to the security procedures used by any contracted remote monitoring organization. Unless otherwise stated, all data and information that is required to be stored must be stored for a minimum of 24 months.

1.1 Loss Prevention

Vendors are responsible for preventing any unexplained product losses. Vendors are liable for any unexplained loss, theft, deterioration, or destruction of card products or components that may occur while such products are in the vendor's facility. Vendors are required to carry liability insurance covering all the risks stated above, taking into consideration the plant location, physical conditions and security of the plant, the number and duties of the employees, and the nature and volume of the contracted work.

If any of the requirements contained in this manual conflict with country, state, or local laws, the country, state, or local law will apply. The individual payment brands are responsible for defining and managing compliance programs associated with these requirements. Contact the Payment Brand(s) of interest for any additional criteria.

2 Personnel

2.1 Employees

The following set of requirements applies to all employees that have access to card products, components, and the high security area (HSA).

Pre-employment Documentation and Background Checks

The vendor must undertake a pre-employment documentation and background check using the same pre-employment procedures, employment application documents, and background checks for:
a) Full-time employees
b) Part-time employees
c) Temporary employees, consultants, and contractors
d) Guards (internal or external)

Applicant/Employee Background Information Retention

The vendor must retain all applicant and employee background information on file for at least 18 months after termination of the contract of employment. This information must be available for the inspector during site security reviews.

Screening and Documentation Usage

Employment Application Forms
a) The vendor must use employment application forms that include the following detail relating to the applicant's past:
- Details of any alias or any other names.
- List of their previous addresses or residences for the last seven years
- Previous employers for the last seven years
Applicants must satisfactorily explain gaps in employment.
b) The vendor must maintain a personnel file for each employee that includes but is not limited to the following information:
Gathered as part of the hiring process:
- Background check results
- Verification of aliases (when applicable)
- List of previous employers and referral follow-up results
- Education history
- Social security number or appropriate national identification number
- Signed document confirming that the employee has read and understands the vendor's security policies and procedures
- Fingerprints and results of search against national and regional criminal records

Gathered as part of the hiring process and periodically thereafter:
- Current photograph, updated at least every three years
- Record of any arrests or convictions, updated annually
- Annual credit checks
c) These files must be available to the security inspectors during site reviews.

Job and Sensitive Task Allocation Restrictions

The vendor must not allocate temporary or interim staff to a secure or sensitive job or task unless the job or activity is performed in the presence and under the control of authorized permanent staff.

Identification badges
a) The vendor must issue a photo identification (ID) badge to each employee.
b) The ID badge must not be imprinted with the company name or logo.
c) Access cards must be programmed only for the access required based on job function.

ID Badge or Access Card Usage
a) The access control system must grant access to employees only during authorized working hours, and only to those areas required by the employee's job functions.
b) Employees must display their ID badges at all times while in the facility.
c) Employees are responsible for their ID and access badges and must report any lost/stolen or broken badges to the Security Manager immediately.

ID Badge or Access Card Inventory and Management

The security manager is responsible for unassigned ID badges and must:
a) Maintain an inventory of unassigned ID badges.
b) Enforce dual control for badge access and assignment.
c) Ensure ID badges are retrieved from terminated employees prior to their departure from the premises.
d) Ensure all access rights are immediately deactivated.
e) Maintain precise documentation accounting for all lost badges.

Personnel Changes

Change in employee job function

The vendor must ensure that:
a) The security manager is notified in writing of any expected employee's job change prior to the change taking effect.
b) The security manager must adapt the access control to restricted areas in a timely manner.
c) Where necessary, all combinations and other applicable access codes known to or utilized by employee are changed.

Termination of Employment
a) If termination of employment is a planned event, the security manager must be notified in writing prior to termination.
b) If termination of employment is an unscheduled event, the security manager must be notified in writing as soon as the decision is made.
c) Upon termination effective date of the employee the security manager or designated representative must:
- Deactivate all access rights.
- Recover the photo ID badge.
- Change all applicable vault combinations and other applicable access codes known to or utilized by employee.
- Recover all company property used in association with card production.
- Verify completion of the employee termination checklist activities, below.

Termination checklist

The vendor must maintain a completed termination checklist on file confirming that staff members carry out the following procedures (where applicable) within one business day from the departure of the employee:
a) Disable or remove employee's computer user IDs and passwords from all applicable systems.
b) Retrieve all software programs and documentation distributed to employee.
c) Disable employee's access to computer data and applications.
d) Retrieve all company keys distributed to employee.
e) Retrieve employee's badge and photo identification and deactivate employee access to the facility.
f) Change all applicable vault combinations and other applicable access codes known to or utilized by employee.
Note: All additional logical actions for vendors involved in personalization activities are detailed in the Logical Security Requirements document.

Security Communication and Training

The vendor must emphasize security by:
a) Designating an individual (e.g., the CISO) responsible for all security matters and concerns, reporting to a senior company executive.
b) Ensuring that individuals performing or managing tasks requiring access to card components have a signed employment agreement with the vendor. The agreement includes stipulating that the employee complies with company policies and rules.
c) Providing a copy of vendor's internal security manual to all employees and security personnel. The security manual must include the following sections:
- Administration
- HSAs
- Security guidelines
- Procedures that employees must follow while working in the secure facility

d) Evidence of positive affirmation by the employee of receipt and understanding of responsibilities and obligations under the security policy.
e) Ensuring that vendor staff security training incorporates the obligation for employees to report any observed breaches of established security procedure.
f) Conducting mandatory training sessions at least annually. These sessions must include understanding the company security policies and the employees' responsibilities and their adherence to security policies.
g) Displaying posters and notices concerning security at key locations within the vendor facility.
h) Requiring that the individual with overall security responsibility reports to the board / Senior Executive Committee on a regular basis, preferably monthly, any security issues and the actions taken as a result.

Notification

The vendor must notify the Vendor Program Administration (VPA) of any personnel changes that directly affect the security of card products and related components, including but not limited to:
a) Senior management and corporate officers
b) Security manager
c) Employees authorized to receive or sign for any card components

2.2 Guards

General Guidelines

Prescreening
a) In-house or contracted guards must meet the same prescreening qualification requirements as employees working in HSAs.
b) The vendor must ensure that any guard service contracted from an outside source maintains liability insurance to cover potential losses.

Restrictions/Limitations
a) Guards are not permitted to perform any of the functions normally associated with the production of card products or card components.
b) Guards must not have access to:
- HSAs
- Employee records
- Physical master keys that provide access to card production areas
- Audit logs
- Any restricted areas where the vendor processes, stores, or delivers card products and card components.
c) Guards must be prevented from modifying or altering the internal settings on access system controls, intrusion alarm system, closed circuit television (CCTV), and recording devices.

2.2.2 Role and Responsibilities

The guards' main role is to ensure permanent (at a minimum, during working hours) control of the security systems and maintain a high level of protection of the building, assets, access and staff, immediately reporting any discrepancy to the company. In addition, the vendor must ensure that:
a) Appropriate emergency procedures are followed and prompt attention to reports of unauthorized access to the premises is received from law enforcement agents, and where necessary the VPA.
b) They maintain a clear segregation of duties and independence between the production staff and the guards.
c) Any time activities are performed in the HSA, the security control room is always occupied by at least one guard.

Documentation

The vendor must provide guards or any other person assuming the security functions outlined in this document with a copy of the vendor's internal security procedures manual, which at a minimum must include:
a) Guard's responsibilities, procedures, and activities by position
b) Vendor's security policies
c) Interaction between production process management, contracted guard or monitoring services, the police, and other emergency services
d) Access control at all entry and exit points of the premises, by date and time of activation
e) External resource response activities
f) CCTV monitoring and video or digital recordings
g) Administration of access cards and photo ID badges
h) Badge access system and computer monitoring (such as the logging in and out of staff entering or leaving the premises and internal movement at area access points)
i) Company policy concerning employee and visitor access to the facility (both exterior and interior)
j) Property removal
k) Shipping and receiving
l) Alarm activation procedures
m) Response to alarms
n) Daily activity and immediate incident report
o) Potential threats such as burglary or theft to the premises external or internal security
p) Handling of emergencies including but not limited to:
- Fire
- Earthquakes
- Severe weather
- Direct assault by armed felons
- Bomb threats
- Civil disturbances
- Building evacuation
- Ransom demands
- Hostages
- Kidnapping
q) All guards, whether employees or contract, must sign a document indicating that they have read and fully understand the contents of this manual.

2.2.4 Security Training
a) Guards must be trained and aware of all of their assigned tasks defined within the vendor's internal security procedures manual. Training must occur at least annually and prior to the assignment of any new responsibilities. A record of the training session must be maintained.
b) Exceptional situations not specified within these manuals must be reported immediately to the security manager for appropriate action and possible inclusion into the manuals.

2.3 Visitors
a) All visitors to the site must be registered ahead of their arrival.
b) The registration must include name and company they represent.
c) If the visitor requires access to the HSA, this must be approved by both the Security Manager and the Production Manager.
d) Any unsolicited visitors must be turned away.
e) An employee must accompany all visitors at all times while they are in the facility.
f) Visitors must enter through the reception area.

Registration procedures
a) The vendor must apply the same registration procedures to all visitors entering their facility. These procedures must include the following:
- Confirmation of previously agreed appointment
- Verification of identification against an official, government issued picture ID
b) The vendor must maintain records, manually or electronically, of all visitors who enter the facility. If a manual logbook is used, it must contain consecutive, pre-numbered, bound pages.
c) All logs must be protected from modification.
d) The following information must be recorded in the logbook:
- Name of the visitor, printed and signed
- Number of the official ID document(s) presented and the date and place of issue
- Company the visitor represents (if any)
- Name of the person being visited or in charge of the visitor
- Purpose of the visit
- Visitor badge number
- Date and time of arrival and departure
- Signature of the employee initially assigned to escort the visitor
e) The vendor must retain visitors' registration records for at least 90 days.

2.3.2 Visitor Security Notification

At a minimum, the vendor must make visitors aware of vendor security and confidentiality requirements, and the vendor-provided escort must ensure the visitor's adherence to those requirements.

Visitor identification
a) Each visitor entering the production facility must be issued with and must wear visibly on their person a security pass or ID badge that identifies them as a non-employee.
b) If the security pass or ID badge is disposable, the visitor's name and date of entry to the facility and, if multi-day, the validity period must be clearly indicated on the front of the badge.
c) If the security pass or ID badge is the access control type that enables a record to be kept of the visitor's movement throughout the facility, the visitor must be instructed on its proper use. The vendor must program the visitor access badge or card to activate all card readers located in the areas that the visitor is authorized to enter. Unissued visitor access badges must be securely stored. Visitors must use their access card in the card readers activating the doors giving access to the area into which they are allowed to enter.
d) Employees responsible for escorting visitors while they are inside the facility must ensure that the visitor surrenders their ID badge to the receptionist or guard before leaving the building.

2.4 External Service Providers

General Guidelines

The vendor must ensure that:
a) The requirements of Section 2.1, Employees, of this document have been met by the employer of all suppliers, repair and maintenance staff and any other external service provider.
b) A pre-approved list of third parties must be made available to the receptionist or to the guard on a daily or weekly basis for the preparation of ID badges. Only those persons with pre-approved ID badges may be granted facility access. The security manager or senior management must approve in writing any exceptions to this requirement.
c) An employee must accompany all external service providers at all times while they are in the HSA(s).
d) All external service providers that require access to HSAs to service equipment have adequate liability insurance.
e) External service providers' staff requiring access to restricted or HSAs follow the visitor's registration procedures.

2.5 Vendor's Agents

General Guidelines
a) Prior to conducting any business with an agent or third party regarding card-related activities, the vendor must register the agent with the VPA and obtain the following information:
- Agent's name, address, and telephone numbers
- Agent's role or responsibility
b) The vendor must inform the VPA whenever the agent relationship is changed or terminated.
c) Agents of the vendor are not permitted to be in the possession of a card(s), card components, or card personalization data.

3 Premises

3.1 External Structure

External Construction
a) The vendor must prevent unauthorized access to buildings, building areas, or structures containing technical machinery or equipment such as the heating system generator, auxiliary power supply, and air conditioning.
b) The vendor must protect doors that provide access to these by use of electrical or magnetic contacts that are permanently alarmed and that are connected to the security control-room panels.
c) The vendor must establish a specific procedure to disable these door alarms and to control the delivery of the access key any time that repair or maintenance staff must access this machinery or equipment.
d) The vendor must keep a log of the disabling of the alarm and the key exchange, describing at least:
- Date
- Time
- Person(s) needing access
- Purpose of the access

Exterior Entrances and Exits

All non-emergency exterior entrances and exits to the facility must be:
a) Contact alarm monitored
b) Locked or electronically controlled at all times
c) Reinforced, where applicable, to resist intrusion (e.g., steel or equivalent construction that meets local fire and safety codes)
d) Fitted with an access control device (i.e., card reader or biometric) that automatically activates the locking mechanism
e) Fitted with a mantrap or interlocking configuration to prevent staff piggy-backing or tailgating (excluding emergency exits)

External Walls, Doors and Windows
a) All exterior walls must be pre-cast or masonry block or material of equivalent strength and penetration resistance.
b) Windows, doors, and other openings must be protected against intrusion by mechanisms such as intruder-resistant (e.g., burglar-resistant) glass, bars, glass-break detectors, or motion or magnetic contact detectors.

Building Peripheral Protection

The vendor must not place any device (e.g., carriers, waste containers, and tools) against the external wall protecting the outer perimeter of the vendor's facility.

3.2 External Security
a) The vendor premises must be located in an area serviced by public law enforcement and fire protection services in a timely manner.
b) The facility must be secured with an intrusion alarm system as defined in Section 3.4.1, Alarm Systems.
c) The alarm system must be equipped with an auxiliary power or battery backup system with capabilities for ensuring operation for a minimum of 48 hours in the event of a power failure.
d) All systems must notify the vendor in real time in the event the backup system is invoked.
e) All external entry and exit points, including those for freight and maintenance, must be equipped with a peep-hole, a security window, or external CCTV that allows security personnel visual inspection of the immediate area, thus allowing action to be taken in the event of unauthorized access.
f) Alarms on external doors must be tested every three months.

Emergency Exits
a) All emergency exits must be fitted with local audible alarms and monitored 24 hours a day and also must display a sign indicating emergency exit door with alarm.
b) Emergency exit doors must be fitted with an automatic closer to ensure self-latching of the door after being opened.
c) Emergency exit doors must be contact-alarm monitored.
d) These doors must be used only in the event of an emergency and not used for any other purpose.
e) During working hours, either the internal security control room or staff at a central monitoring service center must receive the signal from the emergency exits.
f) During non-business hours, the activation of an emergency exit alarm must summon the local police or a guard response directed by central monitoring service or on-site security control.

Exterior Lighting
a) Exterior lights must illuminate the exterior of the facility as well as all entrances and shipping and delivery areas, such that persons within these areas can be identified.
b) The vendor must check all exterior lights monthly and must maintain a record for 24 months.

Roof Access
a) Trees, telegraph poles, fences, etc. located adjacent to the property line that might facilitate roof access must be removed, relocated, or otherwise secured against unauthorized access.
b) All access points into the building from the roof must be locked or otherwise controlled from the inside.
c) All access points must have magnetic contacts or contact sensors both of which must have monitored access.

d) All skylights, ventilation, and cooling system ducts that penetrate the building structure must be secured with security mesh, grating, or metal bars to prevent unauthorized access.

Exterior CCTV
a) Exterior CCTV cameras must focus on all entrances and exits to the building, and capture legible images of all persons entering or leaving the facility.
b) Cameras must be monitored in the security control room during operational hours.

Signage

Signage on the exterior of the building must neither indicate nor imply that the vendor processes card products.

3.3 Internal Structure and Processes

Reception
a) The main entrance to the building must lead visitors into a reception area that restricts any physical contact between visitor(s) and the receptionist/guard.
b) The reception area must be contained within a mantrap. A mantrap is the secured space between doors operating on an electronic interlocking basis that may be accessed by a card-reader access system or a remote-control device, provided that all movement and activity is monitored.
c) The receptionist or guard responsible for the entrance and departure of visitors must have an unobstructed view of the reception area at all times.
d) Visitors must be visually inspected in this area to confirm their identity and issued with identification badges before being admitted into the facility.
e) The vendor must maintain a list at reception of all staff authorized to bring visitors into the vendor facility. Only people on the list are allowed to bring visitors into the facility.
f) Visitors must only be allowed access beyond the reception area after identification has been established and the appropriate ID badge issued, which must be worn by the visitor at all times whilst inside the facility.
g) The electronic control points for operating this system must be located at the receptionist's desk or in the security control room.
h) If the control points for operating the external doors are located at the receptionist's desk, the wall(s) separating the receptionist area from the reception room must be reinforced and fitted with a security window, i.e., a window of bullet-resistant transparent material containing a slot or device that allows the transfer of small packages and documents from the reception area to the receptionist or security guard.
i) The vendor must provide employees working in these areas with a telephone and a duress button that activates a silent alarm at a remote, central monitoring service or police station.
j) If the receptionist area houses or acts as a security control room, the requirements as defined in Section 3.3.2, Security Control Room, must be met.

k) Outside working hours, all security protection devices (including alarm activation and deactivation) must be monitored electronically by either an in-house security monitoring system or a private central monitoring company.
l) Employees may enter the facility through the main entrance area or through an employee-only entrance. The external entrance door of the building must not lead directly to the entrance of the HSA.

Security Control Room

Definition

This is the room housing the primary CCTV monitoring systems, intrusion, fire, and alarm system control and access control systems.

Location and Security Protection

The vendor must:
a) Staff the room at all times while activity occurs in the HSA.
b) Locate the security control room outside of the HSA to achieve the segregation of duties and independence between the guards and the HSA staff.
c) Build the security control room of concrete block or other material offering similar resistance, if not part of the facility.
d) Protect the room by an internal motion detector.
e) Fit the door giving access to the room with an in and out card reader access system plus an anti-pass-back software function connected to a computer that records all accesses and exits.
f) Ensure that the software counter registering the in and out card transactions in the access control system logs the card transactions at the end of an access cycle (activation of the card reader with the access card, opening and closing of the door).
g) Calibrate the security control room movement detector to generate an alarm if movement is detected inside the room when the software counter is zero (nobody registered in the room). The vendor must also calibrate the movement detector to generate an alarm if no movement within fifteen or fewer minutes is detected inside the room when the software counter is equal or greater than one (at least one person registered inside the room).
h) Ensure that in both above scenarios the alarm is both locally audible and that an alarm must be sent directly to the alarm monitoring services (security control room and the external security company or police station).
i) Fit the door with an automatic closing device. The opening of the door for more than 30 seconds must automatically activate a sound alarm. The access control system must be programmed, whereby access is on a person-by-person basis and restricted to authorized personnel only.
j) Ensure that each individual entering or exiting completes the full cycle of badging in and badging out.
k) Equip the security control room with two independent means of communication.

19 l) Ensure that the badge access cntrl mnitr permanently displays the access card transactins n a real-time basis. Guards must be able t crss-check the access cntrl recrds with the CCTV images. m) Train guards in the security cntrl rm in the effective use f badge access cntrl system and CCTV system facilities. n) Ensure that a security guard is assigned t watch all real-time CCTV images n the mnitrs. ) Equip the rm with a bullet-resistant security windw facilitating the exchange f keys and dcumentatin between the security cntrl staff and external visitrs r HSA staff while minimizing physical cntact and access t unauthrized staff. p) Equip any ther external-facing windws with bullet-resistant glass and mirrr filming sufficient t prevent any bservatin frm utside the building. q) Cver all security cntrl rm windws with a ne-way mirrr film r ther material preventing viewing frm utside. r) Ensure all ther windws within the security cntrl rm are prtected by unbreakable glass r irn bars and are prtected against intrusin by at least ne f the fllwing: burglar-resistant glass, glass-break detectrs, r mtin r magnetic cntact detectrs. s) Ensure that when the rm is used fr receptin cntrl, the cnditins utlined in Sectin 3.3.1, Receptin, apply High Security Areas (HSAs) Definitin Areas in prductin facilities where card prducts, cmpnents, r data are stred r prcessed are called high security areas. Only card prductin-related activities shall take place within the HSA. a) At a minimum, the fllwing activities must take place nly in an HSA: Manufacturing Chip embedding Persnalizatin Strage Packaging Mailing Shipping r delivery Fulfillment b) Emplyees may nly bring items related t card prductin activity int the HSA. c) If a facility perfrms multiple prductin activities (e.g., card manufacturing and persnalizatin), these activities must be perfrmed in separate areas within the HSA. d) If these HSAs are within the same building, they must be cntiguus. 

3.3.4 HSA Security Protection and Access Procedures

Access Control

a) Access to the HSA must be restricted to authorized persons through an access control system, working on a strict person-by-person basis.
b) Access control systems must:
   - Always be connected to the computer that monitors and logs all staff and visitor movements.
   - Prevent employees from piggybacking.
   - Enforce person-by-person access.
   - Implement anti-pass-back mechanisms.
   - Enforce dual presence. If the number of personnel is less than two for more than a minute, the alarm must be activated.
c) The vendor must program the software access control system, whereby access is on a person-by-person basis and restricted to authorized personnel.
d) The access control system must activate the alarm system each time the last person leaves the HSA.
e) The HSA and all separate rooms within the HSA must be protected by internal motion detectors.
f) The motion detector must generate an alarm if movement is detected inside the security control room when the software counter is zero (nobody registered in the room) and generate an alarm if no movement is detected inside the room when the software counter is greater than zero (at least one person registered inside the room).
g) The warning must be a local sound alarm. Additionally, after working hours, a simultaneous alarm to the local external security company or local police must occur.
h) No one is allowed to bring personal items (for example, packages, lunch containers, purses) or any electronic devices (including but not limited to mobile telephones, photo cameras, and PDAs), into the high security area.

Person-by-Person Access Control and Anti-pass-back Software Function

a) Access must be enforced by the use of an air lock, single sluice, or security turnstile, which must be controlled by logical means, ensuring strict compliance with the person-by-person mandate.
b) Activation of the access device must be controlled by a card reader that enforces an anti-pass-back function.
c) The card readers must be permanently connected to a computer that centralizes the logging of any card reader activation.
d) The status of the access must change only when the person has successfully completed the access cycle.
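The rules in 3.3.4 (anti-pass-back, the one-minute dual-presence limit, arming the alarm when the last person leaves, and the motion-detector cross-check against the software counter) can be checked mechanically over a badge and motion event stream. The Python example below is added here for illustration and is not part of the PCI document or of any vendor's system. The event format, card IDs, class name and alarm labels are assumptions; each badge event stands for a completed access cycle, and "less than two" is read as exactly one occupant, since an empty area is covered by the armed alarm system.

```python
from dataclasses import dataclass, field
from typing import Optional

DUAL_PRESENCE_LIMIT_S = 60  # "less than two for more than a minute"


@dataclass
class HsaMonitor:
    """Hypothetical monitor for one HSA; names and alarm labels are assumptions."""
    authorized: set
    inside: set = field(default_factory=set)   # the "software counter" is len(inside)
    armed: bool = True                         # alarm system armed while the area is empty
    alone_since: Optional[float] = None        # when the occupant count dropped to one
    alarms: list = field(default_factory=list)

    def _alarm(self, t, kind, detail):
        self.alarms.append((t, kind, detail))

    def _check_dual_presence(self, t):
        # Evaluated on every incoming event; reported once per lone period.
        if self.alone_since is not None and t - self.alone_since > DUAL_PRESENCE_LIMIT_S:
            self._alarm(t, "DUAL_PRESENCE", sorted(self.inside)[0])
            self.alone_since = None

    def badge(self, t, card, direction):
        """Process one completed access cycle. Returns True if the state changed."""
        if direction not in ("in", "out"):
            raise ValueError(f"unknown direction: {direction!r}")
        self._check_dual_presence(t)
        if card not in self.authorized:
            self._alarm(t, "UNAUTHORIZED", card)
            return False
        # Anti-pass-back: "in" while already inside, or "out" without a prior "in".
        if (direction == "in") == (card in self.inside):
            self._alarm(t, "ANTI_PASSBACK", card)
            return False
        if direction == "in":
            self.inside.add(card)
            self.armed = False
        else:
            self.inside.discard(card)
            if not self.inside:
                self.armed = True  # the last person leaving activates the alarm system
        self.alone_since = t if len(self.inside) == 1 else None
        return True

    def motion(self, t, detected):
        """Cross-check one motion-detector sample against the software counter."""
        self._check_dual_presence(t)
        if detected and not self.inside:
            self._alarm(t, "MOTION_WHILE_EMPTY", "counter=0")
        elif not detected and self.inside:
            self._alarm(t, "NO_MOTION_WHILE_OCCUPIED", f"counter={len(self.inside)}")


def replay(log, authorized):
    """Feed a list of (seconds, kind, arg1, arg2) events through a fresh monitor."""
    mon = HsaMonitor(authorized=set(authorized))
    for t, kind, a, b in log:
        if kind == "badge":
            mon.badge(t, a, b)
        elif kind == "motion":
            mon.motion(t, a)
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    return mon


# Constructed sample events (not real data): (seconds, kind, arg1, arg2)
SAMPLE_LOG = [
    (0,   "motion", True,    None),   # movement while the counter is zero
    (10,  "badge",  "C-101", "in"),
    (20,  "badge",  "C-102", "in"),
    (30,  "badge",  "C-101", "in"),   # pass-back: C-101 never badged out
    (40,  "badge",  "C-999", "in"),   # card not on the authorized list
    (50,  "motion", True,    None),
    (100, "badge",  "C-102", "out"),  # C-101 is now alone
    (130, "motion", True,    None),   # 30 s alone: still within the limit
    (170, "motion", False,   None),   # 70 s alone, and no movement seen
    (180, "badge",  "C-101", "out"),  # last person leaves: alarm system re-armed
    (190, "badge",  "C-102", "out"),  # exit without a matching entry
]

if __name__ == "__main__":
    for alarm in replay(SAMPLE_LOG, {"C-101", "C-102"}).alarms:
        print(alarm)
```

Because the dual-presence timer is only evaluated when an event arrives, a real deployment would also need a periodic tick so the alarm fires even when no reader or sensor reports.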


More information

Emergency Preparedness Plans. Page 1 of 19

Emergency Preparedness Plans. Page 1 of 19 Emergency Preparedness Plans Page 1 f 19 Page 2 f 19 Requirements SUA Respnsibilities t AA Designate a Disaster Aging Officer DADS Disaster Crdinatr - Glen Basn A&I AAA Sectin s Disaster Team Aimee Mick*,

More information

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse

More information

Process of Setting up a New Merchant Account

Process of Setting up a New Merchant Account Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am

More information

BAMS Third Party Service Providers (TPSPs) FAQs

BAMS Third Party Service Providers (TPSPs) FAQs BAMS Third Party Service Prviders (TPSPs) FAQs 1) What is the Third Party Service Prvider (TPSP) Agent Registratin Prgram? The TPSP Agent Registratin Prgram is a Card Brand (Visa USA Inc and MasterCard

More information